One year after Excellus settled with OCR over a 2015 data breach, there is now a proposed settlement in a class action lawsuit that was filed in response to the breach.
The terms of the settlement, which have not yet been approved by the court, do not involve paying even one dime to class members. Instead, it seems that Excellus, who reiterates that no court has found it guilty of any wrong-doing, will take agreed-upon steps to enhance its security program.
And of course, the lawyers will get paid.
So where does that leave class members? Well, if I understand the proposal correctly, they retain the right to still sue for damages, but other than getting some assurance that Excellus will do better/try harder, the settlement doesn’t seem to do much. But see what you think: you can read the proposed settlement here.
Some background on the breach can be found here.
And OCR’s January, 2021 settlement with Excellus for $5 million and a corrective action plan — not a dime of which went to any affected insurance plan members — can be found here.