In February 2023, UMass Memorial Health Center agreed to pay $1.2 million to settle class action claims arising out of a data breach that occurred between June 2020 and January 2021, potentially exposing protected health information (PHI) for nearly 3,000 UMass patients. The records may have included medical record numbers, dates of service, diagnoses, information on procedures, driver license numbers, Social Security numbers, and financial account information.
Under the terms of the settlement, impacted class members could file claims for up to $150 in reimbursement for “ordinary expenses,” such as bank fees; phone charges; postage; and “up to three hours of lost time at a rate of $25 per hour.” Furthermore, claimants may be able to seek up to $5000 for “extraordinary reimbursements,” including actual monetary losses from the breach.
Subsequently in May 2023, UMass Memorial Medical Center, Inc. and UMass Memorial Health Care, Inc. agreed to pay another $1.2 million to settle a lawsuit brought in 2022 by a class of Medical Center employees following a breach of the Medical Center’s payroll system in December 2021. That breach led to a shutdown of the payroll system for over a month. Plaintiffs contended that not only was their personally identifiable information disclosed, but they were also not paid wages timely and properly. Under the settlement, the UMass entities pay $1.2 million into a fund to cover payments to class members, expenses of the litigation, and attorneys’ fees.