Oklahoma Spine Hospital has agreed to pay $1,100,000 to settle a class action lawsuit stemming from a July 2024 data breach that affected almost 39,000 current and former patients. A potential email account breach was detected on or around July 1, 2024. The forensic investigation confirmed that sensitive patient data was exposed and potentially acquired by an unauthorized individual, including first and last names, dates of birth, financial account numbers and routing numbers, health insurance information, medical information, payment card information, and driver’s license information. The data breach affected 38,945 current and former patients.
Two class action lawsuits were filed in response to the data breach, the first of which was filed in the Oklahoma District Court of Oklahoma County on November 15, 2024. The lawsuits were combined into a single complaint – In re: Oklahoma Spine Hospital Data Breach Litigation – as they had overlapping claims. The lawsuit asserted claims of negligence, negligence per se, breach of implied contract, unjust enrichment, and breach of fiduciary duty. Oklahoma Spine Hospital denies all liability and wrongdoing of any kind.
All parties agreed to resolve the lawsuit with a settlement, as the litigation would likely be protracted and expensive, and to avoid the uncertainty of a trial and related appeals. Oklahoma Spine Hospital has agreed to establish a $1,100,000 settlement fund to cover attorneys’ fees and expenses, settlement administration and notification costs, and service awards for the six named plaintiffs. The remainder of the fund will be used to pay benefits to the class members.
Class members are entitled to claim three years of single-bureau credit monitoring services, which include a $1 million identity theft insurance policy, dark web scanning, and comprehensive public records monitoring. Class members may also submit a claim for reimbursement of documented, unreimbursed losses resulting from the data breach up to a maximum of $10,000 per class member.
All class members may also claim a one-time pro rata cash payment. The cash payments will exhaust any remaining funds, and are expected to be around $100, but may be higher or lower depending on the number of valid claims received. The settlement has received preliminary approval from the court, and claims must be submitted by January 7, 2026. The final approval hearing has been scheduled for February 17, 2026.
The post Oklahoma Spine Hospital Agrees to $1.1M Data Breach Settlement appeared first on The HIPAA Journal.
Hackers Use Fake NPM Install Alerts To Distribute RAT Malware In Open Source Ecosystem – cyberpress.org
Hackers Use Fake NPM Install Alerts To Distribute RAT Malware In Open Source Ecosystem cyberpress.org
