Oak Valley Hospital, located in Oakdale, California, reached a settlement in a class action related to a 2023 data breach. On July 18, 2023, Oak Valley detected suspicious activity on its IT systems. Pursuant to the forensic investigation, Oak Valley determined that an unauthorized third-party had access to its systems from April 21 to July
settlement
CT AG Settles Data Breach Case with Guardian Analytics
Connecticut Attorney General William Tong announced on October 21, 2024, that his office has settled a data breach case against Guardian Analytics, Inc. for $500,000. The data breach affected the personal information of 157,629 Connecticut residents. The CT AG alleged that Guardian Analytics failed to implement reasonable and appropriate data security across its systems and…
Four Companies Settle Allegations of Deceptive Cyber Disclosures with SEC
This week, the Securities and Exchange Commission (SEC) charged four public companies for alleged deceptive cyber disclosures: Unisys Corp., Avaya Holdings Corp., Check Point Software Technologies Ltd., and Mimecast Limited. The companies agreed to pay civil penalties to settle the SEC’s charges as follows:
OCR’s Tenth Right to Access Settlement Is Small but Meaningful
The Office for Civil Rights (OCR) recently settled a tenth case under its right-to-access initiative with California-based Riverside Psychiatric Medical Group (RPMG), for $25,000.
Although a relatively small settlement in the amount paid, it shows that the OCR is taking patients’ requests for access to their medical records seriously, and that no complaint is too…
Size Doesn’t Matter for OCR Enforcement Actions
Small health care organizations may think they are under the radar of the Office for Civil Rights (OCR), but a settlement the OCR agreed to last week should disabuse small health care providers of that notion.
On July 23, 2020, the OCR issued a press release outlining the terms of its settlement with Metropolitan Community…
Cottage Health Settles with OCR for $3M
We previously reported that Cottage Health, a health care entity operating several hospitals in California, settled with the State of California for $3 million in regard to a security incident that occurred in 2013. On February 7, 2019, the Office for Civil Rights (OCR) issued a press release that it settled HIPAA violations in December…
Parties Seek to Settle Yahoo Data Breach Class Action for $50M
We previously wrote about the Yahoo data breaches, subsequent class action pending in California, and the company’s estimate of potential settlement costs. Based on the Plaintiffs’ recent Motion for Preliminary Approval of Class Action Settlement, filed on October 22, 2018, the parties have tentatively agreed to settle the case for $50,000,000 in settlement funds, $35,000,000 in attorneys’ fees, and $2,500,000 in expenses. Additionally, class members will be able to avail themselves of various credit monitoring services, and the class representatives who filed the action will be entitled to between $7,500 and $2,500 each, exclusive of the settlement funds, depending on the nature of their involvement. The settlement would apply to both the pending federal class action—before District Judge Lucy H. Koh—and similar state court litigation.
Continue Reading Parties Seek to Settle Yahoo Data Breach Class Action for $50M
Years-Long Exposure of Sensitive Client Information Results in $200,000 Settlement with New York Attorney General
In late August, the Attorney General of the State of New York announced a $200,000 settlement with a New York-based non-profit organization that provides services to developmentally disabled individuals and their families after concluding that the organization exposed sensitive personal information of its clients on the Internet for almost three years.
The settlement is the…
Dumpster Diving Leads to $100,000 Fine for Defunct Business Associate Due to Improper Disposal of Medical Records
On February 13, 2018, the HHS Office for Civil Rights (OCR) announced a $100,000 settlement with a court-appointed receiver representing Filefax, Inc. (Filefax) arising from the 2015 discovery of medical records that contained protected health information (PHI) of over two thousand individuals in a dumpster. Filefax, a now-defunct medical records moving and storage company located…
Federal Trade Commission Approves Settlement with Lenovo Over Ad Software
The Federal Trade Commission (FTC) has approved its proposed settlement with Lenovo, Inc. over the installation of pre-installed advertising software called VisualDiscovery onto Lenovo laptops. According to the FTC, the pre-installed software “interfered with how a user’s browser interacted with websites and created serious security vulnerabilities.”
The settlement requires Lenovo to not misrepresent the features…