In October, 2019, Kalispell Regional Health suffered a phishing incident that impacted more than 100,000 patients. They were sued shortly thereafter.
Today, a proposed settlement of the class action lawsuit was announced. The settlement has yet to be approved and the class hasn’t been certified yet for purposes of the suit. That is all scheduled to be decided in court on January 5.
To cut to the chase, the settlement terms provide for:
Under the Settlement, Kalispell will pay $4,200,000.00 into a Settlement Fund that will be used to provide the following benefits:
● Cash reimbursement for Out-of-Pocket Losses fairly traceable to the Data Breach (see FAQ 8);
● Cash reimbursement for Attested Time spent remedying issues related to the Data Breach (FAQ 8);
● Identity Restoration Services (see FAQ 11);
● Credit Monitoring Services (see FAQ 9) or
● Alternative Cash Payments (see FAQ 10);
● Minor Monitoring Services for affected minors (see FAQ 9);
● Attorneys’ fees and expenses as approved by the Court (see FAQ 18), service awards for the class representatives as approved by the Court (see FAQ 19), and the costs of notifying the class and administering the Settlement.Depending on the number of valid claims, the costs of settlement administration, and the amount awarded by the Court for attorney’s fees and costs and service payments, payments for certain benefits may be reduced proportionally or withheld as set forth in paragraph 67 of the Settlement Agreement.
As part of the Settlement, Kalispell also has agreed to implement certain business practices relating to its information security program for three years after the Effective Date of the Settlement (see FAQ 12).
The FAQs are linked from the settlement web site, here.
The case is WILLIAM HENDERSON v. KALISPELL REGIONAL HEALTHCARE. No. CDV 19-0761. Montana Eighth Judicial District Court, Cascade County.
Source: PR Newswire