Top Class Actions reports:
Fertility Centers of Illinois (FCI) agreed to pay $450,000 to end claims it allowed a 2021 data breach through subpar cybersecurity measures.
The settlement benefits consumers who were impacted by Fertility Centers of Illinois’ data breach Feb. 1, 2021. Class members may have been sent a notification about the breach from FCI.
The case is Monegato, et al. v. Fertility Centers of Illinois PLLC, Case No. 2022-CH-00810, in the Circuit Court of Cook County, Illinois. The official settlement site is FCISettlement.com
Of note, the complaint alleges that although FCI had detected the breach, they did not notify any of the almost 80,000 potentially affected patients and HHS until 10 months later.
A check of HHS’s public breach tool today indicates that HHS has not closed any investigation into this incident. HHS has not been particularly impressive when it comes to imposing monetary penalties for violations of the HIPAA Security Rule and HITECH. DataBreaches would love to see them actually take enforcement action when entities fail to notify timely. What is the point of having deadlines if you don’t enforce them?