Preliminary settlement reached in 21st Century Oncology data breach claims
Cancer care provider 21st Century Oncology reached a preliminary $12.5 million settlement, including attorneys’ fees, to resolve claims in multidistrict litigation regarding allegations the company neglected to protect the private information of millions of patients in a 2015 data breach. The company filed for Chapter 11 bankruptcy in May 2017, roughly a year after patients were notified about the breach.
U.S. District Court Middle District of Florida Tapa Division granted preliminary approval of the settlement on November 2, 2020. Class members will be notified of the proposed settlement by Jan. 8, 2021 and the deadline for opt-outs, or to be excluded from the class is March 9, 2021. The final approval hearing is June 15, 2021.
Motley Rice attorney Jodi Westbrook Flowers, serves on the settlement’s leadership committee as liaison counsel and a member of the Plaintiffs’ Steering Committee for the litigation.
Terms of the proposed settlement
- Impacted patients will receive two years of Identity Guard total credit monitoring and identity theft protection services, which may be deferred by two years. Read more about the service.
- The settlement establishes a $7.85 million fund to compensate class for:
- Up to two hours of undocumented time at $20/hour for time spent addressing, attempting to remedy, or remedying issues fairly traceable to the data breach
- Up to an additional 13 hours of documented time at $20/hour for time spent addressing, attempting to remedy, or remedying issues fairly traceable to the data breach
- Up to $10,000 of documented fraud damages and/or out-of-pocket costs
- Compensation for settlement notice, attorney fees and administration costs is included.
The remaining value of the estimated settlement comprises the value of the credit monitoring and insurance services.
21st Century Oncology has taken steps to improve cybersecurity practices and procedures, including implementing a Corrective Action Plan to protect patients’ information.
“Medical providers are entrusted with a treasure trove of personal information for millions of Americans including birthdays, addresses, Social Security numbers, credit card numbers, banking information, and personal and family health history. When cyber criminals manage to breach healthcare networks, they access all they need to steal identities and commit a host of other crimes against people who are already vulnerable,” said attorney for the plaintiffs Jodi Westbrook Flowers. “Our health care records deserve utmost privacy and protection. I’m pleased we were able to reach a favorable agreement that if granted final approval will serve as a reminder to other providers that adequate cybersecurity is not optional.”
The FBI notified 21st Century Oncology of the data breach on Nov. 13, 2015. Upon investigation, it was determined that the breach occurred on Oct. 3, 2015 and affected roughly 2.2 million current and former patients. Patients, however, did not receive letters from the company alerting them to the breach until March 2016.
The company filed for Chapter 11 bankruptcy in May 2017, citing the cost of the litigation, legal settlements and the cost to comply with electronic record regulations as sources of financial strain.
Read more on cybersecurity in Jodi Westbrook Flowers’ blog posts: