Preliminary settlement approved in 21st Century Oncology 2015 breach case
Long-time readers may remember that 21st Century Oncology had a slew of serious problems going back to 2013 including a rogue employee-related breach that they were alerted to by law enforcement, and litigation under the False Claims Act that resulted in them paying $34.7 million for billing for medically unnecessary tests. But of note, in 2015, law enforcement once again alerted them to a data breach. This one was a hack, and the entity then disclosed the hack in March of 2016, telling DataBreaches.net that it impacted 2.2 million patients.
Months later, it was sued for $57 million in a potential class action lawsuit.
In December, 2017, 21st Century Oncology reached a $2.3 million settlement with OCR over the 2015 breach. Also in December, they settled another prosecution under the False Claims Act for another $26 million. By then, 21st Century Oncology had already filed for bankruptcy.
And I didn’t see it at the time, but in November, 2020, a class action lawsuit filed in District Court for the Middle District of Florida (Case No. 8:16-md-2737-MSS-AEP MDL No. 2737) received preliminary approval. Under the terms of the settlement 21CO will pay for:
- two years of credit monitoring and insurance services through Identity Guard’s “Total Plan,” which may be deferred for up to two years;
- reimbursement of documented fraud/out-of-pocket expenses of up to $10,000 traceable to the data breach; and
- reimbursement of default and/or documented time spent attempting to remedy issues traceable to the data breach (to a maximum of $40 based on two hours at $20/hour).
More details can be found on the settlement web site.