San Diego Family Care To Pay $1 Million Settlement to End Class Action Data Breach Case

San Diego Family Care, a dental, medical, & mental health services provider in California, has decided to settle a class-action lawsuit filed by patients impacted by a data breach in 2020.

The data breach that resulted in the lawsuit was reported by the healthcare company in May 2021. The breach report sent to the HHS’ Office for Civil Rights (OCR) indicated that 125,500 patients were affected, even though the total was eventually changed to 154,513 patients. The exposed information included names, birth dates, government ID numbers, Social Security numbers, medical diagnosis or treatment details, medical insurance data, financial account numbers, and client identification numbers.

The data breach that involve the usage of ransomware happened in December 2020 at Netgain Technologies. Technology company and business associate Netgain Technologies apparently gave a $2.3 million ransom payment in exchange for the keys to decrypt the information and stop any more breaches of data. San Diego Family Care was among the healthcare companies that experienced data breaches due to the attack.

Soon after informing the impacted persons, there were two class-action lawsuits submitted against San Diego Family Care because of the data breach. Though the ransomware attack wasn’t executed on San Diego Family Care, victims in the legal case claimed that San Diego Family Care was unable to safeguard patient data, hadn’t used adequate data security steps, and failed to send notification letters on time. Netgain Technologies alerted San Diego Family Care concerning the security breach last January 2021, nevertheless the notification letters were not sent to the affected people until May.

San Diego Family Care hasn’t agreed to any wrongdoing and didn’t admit any liability for the information breach; yet did decide to resolve the legal case. The offered settlement will create funding of $1,000,000 to handle claims from impacted people. Claims can be sent to a base compensation of approximately $100 for every individual, as much as $1,000 for usual out-of-pocket charges, and around $5,000 for remarkable out-of-pocket expenditures.

Evidence of losses and expenses must be submitted with claims, for example, proof of fraudulent payments, payments for credit monitoring services, and other costs. Persons will likewise be given free identity theft protection services. The codes for initiating those services are going to be mailed to persons who publish a claim. Applicable claims ought to be sent by July 15, 2022, and the final authorization for the settlement is timetabled for July 29, 2022.

About the Author

Elizabeth Hernandez
Elizabeth Hernandez is the editor of HIPAA News. Elizabeth is an experienced journalist who has worked in the healthcare sector for several years. Her expertise is not limited to general healthcare reporting but extends to specialized areas of healthcare compliance and HIPAA compliance. Elizabeth's knowledge in these areas has made her a reliable source for information on the complexities of healthcare regulations. Elizabeth's contribution to the field extends to helping readers understand the importance of patient privacy and secure handling of health information. Elizabeth holds a postgraduate degree in journalism. You can follow Elizabeth on twitter at