Top Class Actions reports that NuLife Med LLC has agreed to settle claims it failed to protect patient information in a March 2022 data breach.
On May 9, the New Hampshire medical devices firm reported a breach to HHS that affected 81,244 patients. In their website notice, they noted that the types of personally identifiable and protected health information included name, address, and medical or health insurance information. For some people, Social Security number, driver’s license information, and/or financial account or credit card information may also have been involved.
Ten days later, the plaintiff’s first lawsuit was filed. The first case was dismissed, but the second one filed resulted in the settlement: Pires, et al. v. NuLife Med LLC, Case No. CACE-22-017828, in the Circuit Court of the 17th Judicial Circuit in and for Broward County, Florida.
Under the terms of the preliminary settlement, which includes a denial of any wrongdoing by NuLife Med and which does not specify a settlement amount, the plaintiff will get $10,000 and all others will get their choice of either one year of credit monitoring or $25.
Documents from the case and how to file a claim can be found on the official settlement site at NuLifeMedClassSettlement.com.
As always, DataBreaches looked at the terms of the settlement to see what provisions there were, if any, for the defendant to improve data security. In this case, we found no provisions agreeing to improve security, even though the claims were that the entity had failed to encrypt data or delete no-longer needed data, etc.
Read more at Top Class Actions.