More class action settlements and suits, Friday morning edition
PCS Revenue Control Systems data breach $1.135M class action settlement
PCS Revenue Control Systems agreed to pay $1.135 million to resolve claims it failed to protect consumers from a data breach.
The settlement benefits consumers whose personal information was compromised in a PCS Revenue Control Systems data breach between May 19, 2017, and Dec. 19, 2019. An estimated 867,2019 individuals are included under this class definition.
The case is Gamez, et al. v. PCS Revenue Control Systems Inc., Case No. 2:21-cv-08991-JXN-AME in the U.S. District Court for the District of New Jersey, Newark Division
The breach was identified in 2019 but notifications did not go out until 2021.
Read more at Top Class Actions.
Gastroenterology Consultants PA settles litigation over ransomware attack
Gastroenterology Consultants PA (GCPA) has agreed to settle consumer claims that the business did not adequately protect consumers from a data breach to GCPA’s computer systems on or around Jan. 10, 2021.
Previous coverage of this breach on DataBreaches can be found here. A review of HHS’s records indicates that GCPA reported the incident to HHS in March of 2021 as impacting 161,698 patients. HHS does not appear to have closed any investigation into the incident as of this time.
The settlement document indicates that CGPA “reached a resolution with the
cybercriminals” and “on or about August 6, 2021, provided all potentially impacted individuals with notice of the Data Incident. In total, GCPA notified approximately 162,163 individuals of the Data Incident.” The settlement, which was developed in mediation, does not name the ransomware group.
As part of the terms of the settlement, GCPA agreed to some remedial measures and security enhancements:
GCPA has adopted and implemented significant data security measures following the Data Incident, including multifactor authentication, VPN remote access protocols, EDR software implementation, operating system and backup upgrades, and restricted access procedures. GCP A has committed to completing a security risk assessment in 2022 and 2023, and to enact reasonable and appropriate security
enhancements identified in the security risk assessments. To date, GCP A estimates that the total costs of improvements is approximately $3,500 and that the improvements will cost an additional $11,500 in 2022.
The case is Dekenipp v. Gastroenterology Consultants, P.A., Case No. 202161470, in the Harris County District Court of Texas
Read more at Top Class Actions
Newly Filed Lawsuits
Cue Rosanna Danna saying “It’s always something.”