Thousands of Americans could be eligible for payments of up to $5,500 following a data breach settlement with Cummins Behavioral Health Systems, Inc. The 2023 breach, which exposed sensitive personal information, led to a class-action lawsuit and a $2.1 million settlement aimed at compensating victims and covering associated costs.
The settlement
The settlement provides several options for eligible class members:
- Extraordinary losses: Reimbursement of up to $5,000 for documented losses like identity theft or significant financial harm.
- Ordinary losses: Up to $500 for lesser, documented damages.
- Lost time: $25 per hour for up to 3 hours spent resolving breach-related issues.
- No documentation needed: A $65 cash payment or a free trauma screening for those without documentation of losses.
Class members can file claims through the official settlement website. Importantly, claims must be submitted under penalty of perjury, emphasizing the importance of honesty in the process.
Go deeper: Thousands could receive up to $5,500 from health system data breach settlement
Lessons from the data breach
This breach reminds healthcare organizations of the growing risks posed by inadequate data security with the digitization of healthcare. Here are some key takeaways:
- Data protection is non-negotiable: Organizations handling sensitive information must prioritize cybersecurity measures, such as firewalls, encryption, and employee training to mitigate risks.
- The ripple effects of data breaches: Victims face significant financial, emotional, and logistical burdens, from identity theft to time lost resolving issues. Companies must address these consequences proactively.
- Transparency matters: The speed and clarity with which organizations respond to breaches can influence public perception and legal outcomes.
See also: HIPAA Breach Report for September 2024
Recommendations for companies
To prevent breaches and protect sensitive information, organizations should:
- Implement strong security protocols: Regularly update software, conduct penetration testing, and secure systems with multi-layered defenses.
- Train employees: Equip staff with knowledge on recognizing cyberattacks and practicing secure data handling.
- Develop an incident response plan: Have a clear strategy to respond to breaches quickly and transparently.
See also: HIPAA Compliant Email: The Definitive Guide
How individuals can protect themselves
While companies bear much of the responsibility, individuals can take steps to safeguard their own information:
- Monitor financial activity: Regularly check bank statements and credit reports for unauthorized transactions.
- Enable two-factor authentication (2FA): Add an extra layer of security to online accounts using 2FA.
- Be skeptical of phishing attempts: Verify suspicious emails or messages before clicking links or sharing information.
- Consider credit monitoring: Services like credit freezes or alerts can help detect identity theft early.
FAQs
How do I know if I’ve been affected by a data breach?
If your information was compromised in a data breach, you may be notified by the organization that experienced the breach. Notifications are typically sent by mail, email, or phone, informing you of the breach and offering details on how to proceed.
What types of compensation are typically offered in a data breach settlement?
Common forms of compensation include:
- Reimbursement for losses (e.g., unauthorized charges or financial harm).
- Compensation for time spent dealing with the breach.
- Free services, like credit monitoring or identity theft protection.
- Alternative cash payments for those without documentation of losses.
Can I object to the settlement?
Yes, if you disagree with the terms of the settlement, you can object by writing to the court, stating the reasons for your objection. If your objection is not resolved, you may also have the opportunity to speak at the final approval hearing.