November 29, 2023 – PracticeMax Data Breach Lawsuit Settled for $3 Million
A federal judge has granted preliminary approval of a $3 million settlement that resolves the PracticeMax data breach lawsuit detailed on this page.
Don’t miss out on settlement news like this. Sign up forClassAction.org’s free weekly newsletter here.
The settlement, which received preliminary approval from United States District Judge Douglas L. Rayes on October 26, 2023, covers all U.S. residents to whom PracticeMax sent a Notice of Data Security Incident about the breach the company discovered on or about May 1, 2021.
The deadline to file a claim online or by mail is February 24, 2024. The only way to receive compensation from the settlement is by filing a valid claim. If you do nothing, you will receive no payment from the deal and be bound by its terms.
Class members who submit a valid and timely claim can receive up to $75 for up to three hours of lost time linked to the PracticeMax data breach. The settlement also allows for up to $500 in compensation for “ordinary losses,” i.e., documented out-of-pocket expenses, incurred as a result of the breach.
Further, a class member who was the victim of a documented identity theft can receive up to $3,500 through the deal, the website states. Lastly, the settlement provides eligible class members with two years of single-bureau credit monitoring and identity theft protection with $1 million in insurance.
To contact the settlement administrator for more information, or if you do not know your unique settlement ID, head to this page.
A final approval hearing is scheduled for March 14, 2024. It is typically after a settlement receives final approval from the court, and any appeals or objections are resolved, that payment begins to go out to claimants. The settlement website asks PracticeMax data breach victims to “[p]lease be patient,” as this process can take some time.
Get class action lawsuit news sent to your inbox – sign up forClassAction.org’s free weekly newsletter here.
PracticeMax, Inc. faces a proposed class action lawsuit over a 2021 data breach that reportedly compromised the sensitive information of more than 150,000 current and former patients.
Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.
The 35-page lawsuit alleges PracticeMax, who provides billing, consulting and registration services to hospitals and other healthcare providers, failed to adequately safeguard patients’ data against unauthorized access and then failed to provide timely notice that their information had been exposed.
The case claims that the defendant’s failure to timely detect the breach and notify victims is a violation of Arizona law and has exposed those affected by the incident to a heightened risk of identity theft.
According to the suit, PracticeMax discovered around May 1, 2021 that hackers had “infiltrated its systems” and accessed patients’ protected health information. Per the case, the compromised data included the names; addresses; Social Security numbers; dates of birth; and treatment, diagnosis, health insurance and financial information of current and former patients of PracticeMax’s clients.
The lawsuit says that hackers had “unfettered access” to patients’ sensitive data from April 17 to May 5, 2021. According to the suit, the data breach was a direct result of PracticeMax’s failure to implement industry-standard cybersecurity measures and protocols. Though the company indicated that it had implemented “additional safeguards” in response to the breach, the suit argues that these measures should have been in place before the incident.
The case charges that PracticeMax failed not only to prevent the data breach but has not provided timely notice to victims who were affected. Per the suit, the company began sending data breach notices to victims around October 19, 2021—over five months after discovering the breach—but has sent additional notices since then, most recently in early June 2022.
“PracticeMax has failed to explain why it has taken over a year to notify all breach victims,” the complaint argues.
The suit further alleges that the defendant’s data breach notice “deliberately underplayed” the severity of the incident and failed to explain how the breach happened, how many people were affected, or why it took PracticeMax so long to notify victims.
Moreover, the case claims the defendant has failed to offer any complimentary credit monitoring and identity theft protection services to data breach victims, and has instead provided only “rudimentary instructions” for how to monitor their credit reports.
The lawsuit looks to represent anyone in the U.S. whose protected health information was compromised in the data breach disclosed by PracticeMax.
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s newsletter here.
Hair Relaxer Lawsuits
Women who developed ovarian or uterine cancer after using hair relaxers such as Dark & Lovely and Motions may now have an opportunity to take legal action.