In May 2024, DataBreaches logged an incident on our worksheets that involved the Columbia University Irving Medical Center in New York. The incident had been reported to HHS as affecting 29,629 patients whose name, medical record number, date of birth, provider name, and laboratory test result had been exposed between Sept. 11, 2023, and March 7, 2024 as a result of human error.
HHS’s investigation has been closed with the following note:
The covered entity (CE), Columbia University Irving Medical Center, reported that an employee posted the protected health information (PHI) of 29,629 individuals on the Internet. The PHI involved included names, dates of birth, and a single laboratory test result. The CE notified HHS, affected individuals, the media, and posted substitute notice on its website. In response to the breach, the CE secured the data and provided staff additional training in its requirements to protect and secure PHI.
Now Dora Gao reports that a lawsuit stemming from the incident has settled for $600,000. CUIMC denies any wrongdoing or liability.
U.S. residents who received a notice about the breach are eligible to file a claim, the settlement reads. Claimants can receive reimbursement of up to $10,000 for documented losses, including bank fees, travel costs, or fees for credit monitoring services.
Claimants are eligible for two years of CyEx Medical Shield Complete, an online fraud detection service that monitors credit activity, health insurance IDs, Medicare numbers, and other personal data.
The settlement will provide cash payments to claimants from the remainder of the $600,000 fund after attorneys’ fees, settlement administration, and service awards to class representatives are deducted.
Read more at The Columbia Spectator