Solara Medical Supplies to Pay $9.76 Million to Settle Data Breach

Solara Medical Supplies proposed to pay $9.76 million as a settlement for a class-action lawsuit associated with a 2019 data breach. This proposal has obtained preliminary approval from the court.

Solara Medical Supplies, which offers products and services to help patients deal with their diabetes, suffered a phishing attack that allowed unauthorized persons to access employees’ Microsoft Office 365 email accounts from April 2, 2019 to June 20, 2019.

The email accounts included the protected health information (PHI) of patients and sensitive employee data, such as names, birth dates, billing and claims information, medical insurance details, medical records, financial account data, and credit card numbers, driver’s license numbers, state identification numbers, Social Security numbers, and Medicaid/Medicare IDs. The breach report was submitted to the HHS’ Office for Civil Rights as impacting 114,007 people.

Legal action was taken on behalf of the victims of the breach, with the class engaging all persons living in the United States and its territories who were informed in November 2019 regarding the exposure of their information. The plaintiffs purported Solara Medical Supplies was negligent with regard to not preventing the breach.

Solara Medical Supplies does not accept any wrongdoing and liability and is convinced there are meritorious defenses and legal issues to the plaintiffs’ statements; nevertheless, decided to resolve the lawsuit to avoid additional legal expenses and to prevent the uncertainty of litigation.

According to the conditions of the settlement, a $5.06 million fund will be allotted to pay for expenses related to the administration of the resolution, attorneys’ costs, and payments to class members. All people who file a legitimate claim will be qualified to get a $100 cash payment, which can be adjusted up or down based on the number of persons who send a claim.

Solara Medical Supplies has agreed to do something to boost security to avert further data breaches, for example employing systems for identifying suspicious activity, multifactor authentication, enhancements to email filtering, and other security procedures, which were approximated to cost $4.7 million over the following 5 years.

The settlement has received initial acceptance from the court and there will be a final hearing for the settlement on September 12, 2022. The last day for filing a claim is August 8, 2022, and the due date for objecting to the settlement or requesting to be excluded from the proposed settlement is August 22, 2022.

About the Author

Elizabeth Hernandez
Elizabeth Hernandez is the editor of HIPAA News. Elizabeth is an experienced journalist who has worked in the healthcare sector for several years. Her expertise is not limited to general healthcare reporting but extends to specialized areas of healthcare compliance and HIPAA compliance. Elizabeth's knowledge in these areas has made her a reliable source for information on the complexities of healthcare regulations. Elizabeth's contribution to the field extends to helping readers understand the importance of patient privacy and secure handling of health information. Elizabeth holds a postgraduate degree in journalism. You can follow Elizabeth on twitter at