Solara Medical Supplies will Pay $9.76 Million to Resolve Data Breach

Solara Medical Supplies offered to pay $9.76 million to resolve a class-action lawsuit in connection with a 2019 data breach. This offer has gotten initial approval from the court.

Solara Medical Supplies, which supplies products and services to help people take care of their diabetes, encountered a phishing attack that permitted unauthorized individuals to access staff members’ Microsoft Office 365 email accounts between April 2, 2019 and June 20, 2019.

The email accounts comprised the protected health information (PHI) of patients and sensitive worker details, which include names, dates of birth, billing and claims information, health insurance details, medical data, financial account data and credit card numbers, driver’s license numbers, Social Security numbers, state ID numbers, and Medicare/Medicaid IDs. The breach report was sent to the HHS’ Office for Civil Rights as having affected 114,007 persons.

Legal action was undertaken on behalf of the people affected by the breach, with the class involving all people located in the United States and its regions who were advised in November 2019 concerning the compromise of their data. The plaintiffs claimed Solara Medical Supplies was negligent regarding not averting the breach.

Solara Medical Supplies does not admit any wrongdoing and liability and feels there are meritorious defenses and legal concerns to the plaintiffs’ remarks; nonetheless, opted for negotiating the legal action to avoid more legal charges and to avert the uncertainty of a lawsuit.

Based on the provisions of the settlement, a $5.06 million fund will be set to take care of expenditures linked to the administration of the agreement, attorneys’ charges, and payments to class members. All persons who file a legal claim will be permitted to collect a $100 cash refund, which could be adjusted more or less dependent on the number of people who send a claim.

Solara Medical Supplies has determined to take action to enhance security to avert additional data breaches, like using systems for discovering suspicious activity, multifactor authentication, upgrades to email blocking, and other security options, which were calculated to cost $4.7 million in the subsequent 5 years.

The settlement has gotten preliminary acceptance from the court and the scheduled final hearing for the settlement is on September 12, 2022. The last day for sending a claim is August 8, 2022, and the due date for disagreeing with the proposed settlement or asking to be not included in the settlement is August 22, 2022.

Link copied to clipboard
Photo of author

Posted by

Mark Wilson

Mark Wilson is a news reporter specializing in information technology cyber security. Mark has contributed to leading publications and spoken at international forums with a focus on cybersecurity threats and the importance of data privacy. Mark is a computer science graduate.