in Newswire Published on March 27, 2023

CorrectCare Sued Over 2022 Data Breach Affecting 1.5M Consumers [UPDATE]

by Kelly Mehorter

Last Updated on August 16, 2024

View Comments

Oliver et al. v. CorrectCare-Integrated Health, LLC

Filed: March 19, 2023 § 1:23-cv-01168

Read Complaint

CorrectCare faces a class action over a 2022 data breach that impacted almost 1,500,000 individuals.

Defendant(s)

CorrectCare-Integrated Health, LLC

Law(s)

State(s)

Georgia

Categories

Privacy Data Breach

August 16, 2024 – CorrectCare Settles Data Breach Lawsuit for $6.49M

United States District Judge Danny C. Reeves has granted preliminary approval to a $6.49 million settlement that resolves the proposed class action detailed on this page, which was consolidated with a similar lawsuit filed over the 2022 CorrectCare data breach.

Don’t miss out on settlement news like this. Sign up for ClassAction.org’s free weekly newsletter here.

The deal covers anyone whose personal information was compromised as a result of the CorrectCare data incident. The official settlement website can be found at CorrectCareSettlement.com.

Class members who submit a timely, valid claim are eligible to receive reimbursement for up to $10,000 to cover out-of-pocket expenses fairly traceable to the data breach. Alternatively, class members can file a claim for a pro-rated cash payment in lieu of a payment for out-of-pocket losses.

California residents will automatically receive an additional cash payment, regardless of which option they choose, the settlement website states.

To file a claim, head to this page and enter the class member ID included in your settlement notice. If you did not receive a class member ID, you must register here.

The deadline to file a claim form is August 27, 2024. You can contact the settlement administrator with any questions by heading here.

A final approval hearing is slated for September 16, 2024. Compensation will begin to go out to consumers if and when the CorrectCare settlement is given final approval and any appeals are resolved.

Are you owed unclaimed settlement money? Check out our class action rebates page full of open class action settlements.

CorrectCare-Integrated Health, LLC faces a proposed class action over a 2022 data breach that impacted almost 1,500,000 individuals, including those who have “interacted with” the Georgia Department of Public Safety and Corrections and county jails statewide.

Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.

The 21-page case claims CorrectCare, which provides medical claims processing for correctional facilities, discovered on July 6, 2022 that two file directories on its web server containing patient information had been “inadvertently exposed” to the public internet as early as January 22, 2022. According to the suit, the breach was a direct result of CorrectCare’s failure to implement adequate cybersecurity procedures.

Per the case, CorrectCare had a legal duty under the Health Insurance Portability and Accountability Act (HIPAA) to comply with industry standards to safeguard patients’ medical information.

To compound matters, CorrectCare failed to provide victims timely notice of the incident and instead waited until November 28 to inform affected individuals that their names, dates of birth, Social Security numbers and certain “limited health information, such as a diagnosis code and/or CPT code” had been publicly exposed, the complaint contends.

The complaint stresses that affected individuals now face an “increased and imminent” risk of fraud and identity theft that may continue for years to come.

The three plaintiffs, who are currently serving sentences in the Georgia Department of Corrections, say they had their sensitive information entrusted to CorrectCare after receiving various medical treatments while incarcerated. Since the cyberattack, the plaintiffs have been placed in collections after having their bank accounts, credit cards and other consumer accounts hacked, the suit says.

“CorrectCare’s data security obligations were particularly important given the substantial increase in cyber-attacks and/or data breaches preceding the date they disclosed the incident,” the suit states, adding that the FBI had even warned CorrectCare and other companies in the healthcare industry in August 2014 that hackers were targeting them.

The lawsuit seeks to represent any Georgia Department of Corrections inmates or pretrial detainee inmates whose private health information was compromised as a result of the data breach discovered by CorrectCare on or around June 6, 2022.

Get class action lawsuit news sent to your inbox – sign up for ClassAction.org's free weekly newsletter here.

Case Spotlight

Video Game Addiction Lawsuits

If your child suffers from video game addiction — including Fortnite addiction or Roblox addiction — you may be able to take legal action. Gamers 18 to 22 may also qualify.

Learn more:Video Game Addiction Lawsuit

Depo-Provera Lawsuits

Anyone who received Depo-Provera or Depo-Provera SubQ injections and has been diagnosed with meningioma, a type of brain tumor, may be able to take legal action.

Read more: Depo-Provera Lawsuit

How Do I Join a Class Action Lawsuit?

Did you know there's usually nothing you need to do to join, sign up for, or add your name to new class action lawsuits when they're initially filed?

Read more here: How Do I Join a Class Action Lawsuit?

ClassAction.org Newsletter

Stay Current

Sign Up For
Our Newsletter

New cases and investigations, settlement deadlines, and news straight to your inbox.

Open Document
Last Updated on August 16, 2024 — 4:18 PM

Kelly Mehorter

kelly@classaction.org

Kelly works primarily on ClassAction.org’s newswire, reporting on cases as they happen.

About ClassAction.org

ClassAction.org is a group of online professionals (designers, developers and writers) with years of experience in the legal industry.

Learn More

Before commenting, please review our comment policy.