Top Class Actions reports there is a settlement involving Preferred Home Care in New York. The lawsuit alleged the provider failed to protect employee and patient data from an attack in January 2021. The data breach allegedly compromised the information of 92,283 patients and employees, including sensitive health information and personal identifiers such as Social Security numbers.
As DataBreaches reported in March 2021, this was a ransomware attack claimed by REvil threat actors in January 2021.
The settlement site is AssistCareDataSettlement.com.
As always, DataBreaches looked for any data security provisions in the settlement. In this case, the settlement provides:
3.3 Injunctive Relief. Defendant shall continue to provide security for patient, employee, and former employee private information and personal health information. Preferred Home shall provide Plaintiffs’ counsel with a confidential declaration or affidavit outlining the alleged security-related issues involved in the Data Incident and attesting that security-related measures have been implemented to remediate said security-related issues. Costs associated with these security-related measures have been paid by Preferred Home separate and apart from other settlement benefits. Preferred Home shall also provide a reasonable estimated cost of all security enhancements and remediation measures to date, and all planned security enhancements and remediation measures reasonably related to the Data Incident.