·  Legal News, Analysis, & Commentary

Lawsuits & Litigation

Meriter Health Services Settles Lawsuit Over Data Breach

— July 2, 2020

Meriter Health Services recently announced it will pay $2.8M to settle a lawsuit over two 2018 data breaches.

As a consumer, one of the worst calls you can get is news that your sensitive information was subjected to a data hack, but it happens all the time. In fact, just recently, Meriter Health Services in Madison, Wisconsin announced it would pay thousands of Wisconsin patients up to “$7,000 and a year of credit monitoring and identity protection as part of a settlement against UnityPoint Health over data breaches.”

Upclose shot of computer screen with the word “Security” and a hand-shaped cursor; image by Pixabay, via
Upclose shot of computer screen with the word “Security” and a hand-shaped cursor; image by Pixabay, via

The settlement, which was announced last week, brings an end to lawsuits involving data breaches in 2018. As a result of those breaches, thousands of patients were told “their names, addresses and medical information — and, for some, driver’s license, Social Security and payment card or bank account numbers — may have been compromised.” During the first incident, 16,400 patients had their private information stolen, while 1.4 million people had their information stolen in the second incident, “including 76,000 in Wisconsin.

The class-action suits were filed on behalf of the thousands of patients who had their information compromised, including plaintiffs “Yvonne Mart Fox, of Middleton, and Grant Nesheim, of Mazomanie. Other named plaintiffs are from Illinois and Iowa.” According to the settlement, patients can get “up to $1,000 for ordinary expenses and $6,000 for extraordinary expenses” with valid claims. Additionally, each patient would be eligible for a “year of credit monitoring and identity protection.”

The suit was filed in U.S. District Court in Madison, Wisconsin. According to Fox, one of the plaintiffs, she was “harassed and inundated with unwanted, unsolicited and unlawful spam and phishing emails and auto-dialed calls from unscrupulous operators” as a result of the breach. Nesheim discovered he was a victim of the breach when someone made a “fraudulent attempt to open an unauthorized credit card in his name.” He added that he was “so inundated with robocalls that he had to take on a new number for work calls.”

When commenting on the agreement, Cari Campen Laufenberg, an attorney for the plaintiffs, said:

“I conclude that the Settlement provides exceptional results for Settlement Class members, while sparing Settlement Class members from the uncertainties of continued and protracted litigation.”

As part of the agreement, UnityPoint Health must also “address the vulnerabilities that resulted in the breaches.” The healthcare system added that the incidents were caused by phishing attacks. Specifically, the hospital claims that “emails disguised to appear like they came from an executive with the organization tricked employees into providing sign-in information, giving the attackers access to their accounts.” Christine Zrostlik, a spokeswoman for UnityPoint, said:

“Since the phishing incidents occurred, UnityPoint Health notified affected parties in compliance with applicable law, conducted a full investigation and implemented a variety of safeguards to reduce the likelihood of a similar incident occurring again.”


Settlement reached in lawsuit against UnityPoint Health over data breaches

UnityPoint Health agrees to $2.8M settlement in 2018 data breach case

Join the conversation!