Preliminary settlement approved in 21st Century Oncology 2015 breach case

Long-time readers may remember that 21st Century Oncology had a slew of serious problems going back to 2013 including a rogue employee-related breach that they were alerted to by law enforcement, and litigation under the False Claims Act that resulted in them paying $34.7 million for billing for medically unnecessary tests.  But of note, in 2015, law enforcement once again alerted them to a data breach. This one was a hack, and the entity then disclosed the hack in March of 2016, telling that it impacted 2.2 million patients.

Months later, it was sued for $57 million in a potential class action lawsuit.

In December, 2017, 21st Century Oncology  reached a $2.3 million settlement with OCR over the 2015 breach.  Also in December, they settled another prosecution under the False Claims Act for another $26 million. By then, 21st Century Oncology had already filed for bankruptcy.

And I didn’t see it at the time, but in November, 2020, a class action lawsuit filed in District Court for the Middle District of Florida (Case No. 8:16-md-2737-MSS-AEP MDL No. 2737) received preliminary approval.  Under the terms of the settlement 21CO will pay for:

  • two years of credit monitoring and insurance services through Identity Guard’s “Total Plan,” which may be deferred for up to two years;
  • reimbursement of documented fraud/out-of-pocket expenses of up to $10,000 traceable to the data breach; and
  • reimbursement of default and/or documented time spent attempting to remedy issues traceable to the data breach (to a maximum of $40 based on two hours at $20/hour).

More details can be found on the settlement web site.




About the author: Dissent

Comments are closed.