Logan Health Proposes $4.3 Million Settlement to Resolve Class … – HIPAA Journal


Did you know that camDown is easy to use, easy to maintain?

Posted By HIPAA Journal on Jan 25, 2023

Logan Health has agreed to settle a class action lawsuit related to a 2021 hacking incident that exposed the protected health information of 213,543 individuals. Under the terms of the settlement, Logan Health has agreed to create a fund of $4.3 million to cover claims from individuals affected by the breach.

Logan Health, formerly Kalispell Regional Medical Center, is a 622-bed health system based in Kalispell, MT, which operates six hospitals and more than 68 provider clinics in the state. On February 18, 2022, Logan Health announced that it was the victim of a sophisticated cyberattack in which hackers gained access to a file server containing patient data. The breach was detected on November 22, 2021, and the investigation confirmed that access to its systems was gained on November 18, 2021. On January 5, 2022, Logan Health learned that the attackers accessed files containing patient information such as names, addresses, medical record numbers, dates of birth, telephone numbers, email addresses, insurance claim information, date(s) of service, treating/referring physician, medical bill account number, and/or health insurance informa­tion. Affected individuals were offered complimentary credit monitoring services.

A lawsuit – Tafelski, et al. v. Logan Health Medical Center – was filed against Logan Health in the Montana Eighth Judicial District Court shortly after notification letters were mailed. The lawsuit alleged Logan Health had failed to implement reasonable and appropriate cybersecurity measures and had not provided sufficient security awareness training to its workforce. Had those measures been implemented, the data breach would have been prevented. In addition to this breach, Logan Health had experienced others while operating as Kalispell Regional Medical Center, which had affected 2,081 state residents in 2021 and 126.805 individuals in 2019. The lawsuit alleged the plaintiffs and class members have suffered damages including the compromise, publication, theft and/or unauthorized use of their PII/PHI, out-of-pocket costs from the prevention, detection, recovery, and remediation from identity theft or fraud, lost opportunity costs and lost wages, that they faced a continued risk to their PII/PHI.

Logan Health chose to settle the lawsuit to avoid further legal costs and the uncertainty of trial. Under the terms of the settlement, affected individuals can submit claims up to a maximum of $25,000 for reimbursement of out-of-pocket expenses that are reasonably traceable to the data breach and were not reimbursable by a third party. Claims can also include lost time up to a maximum of $125 per class member. In addition to claims for reimbursement of losses, class members can choose to claim three years of credit monitoring services or a cash payment in lieu of the credit monitoring services.


Compliance Checklist

Free and Immediate Download

Delivered via email so please ensure you enter your email address correctly.

Your Privacy Respected

HIPAA Journal Privacy Policy

The deadline for exclusion from or objections to the settlement is February 13, 2023. Claims must be submitted by April 3, 2023, and the final approval hearing for the settlement has been scheduled for March 9, 2023.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.

In conclusion, let's keep in mind that camDown is your security solution to protect you and your business from webcam hackers and that's the no joke!