UnityPoint Health, a provider in Iowa, Illinois and Wisconsin, agreed to settle a class action alleging it was to blame for cyber-criminals accessing 1.4 million employees’ and patients’ data.
Each class member will get up to $1,000 for ordinary, and $6,000 for extraordinary, expenses, according to the preliminary settlement filed June 25 in the U.S. District Court for the Western District Of Wisconsin.
UnityPoint will also provide credit monitoring and identity theft protection services for a year and improve its network and data security, according to the agreement, which requires court approval.
The company added safeguards following the phishing attacks in 2018, UnityPoint said in an emailed statement. “We continually evaluate and modify our security practices,” the company said.
Cyber-criminals used employee email accounts to get information such as patient names, addresses, birth dates and Social Security numbers, plaintiffs alleged in the suit.
Keller Rohrback LLP and Law Offices of Ronald A. Marron represent the plaintiffs and the class.
The case is Fox v. Iowa Health System, W.D. Wis., No. 18-cv-00327, motion 6/25/20.