The University of Pittsburgh Medical Center (UPMC) recently settled a data breach class action for $450,000 stemming from a 2020 data breach that led to the compromise of about 36,000 UPMC patients.

UPMC is a Pennsylvania medical center and medical insurer. From April to June 2020, UPMC’s legal counsel, Charles J. Hilton PC, suffered a data breach that compromised its email accounts. As a result, UPMC information was also compromised, including patient names, Social Security numbers, birth dates, financial account numbers, identification numbers, signatures, medical records, and insurance information.

UPMC notified the affected patients in December 2020. The complaint alleges that UPMC had a duty to protect the patient data and failed to implement reasonable cybersecurity measures to do so. The lead plaintiff in the case alleged that after the incident occurred, he had a fraudulent Amazon credit card opened up in his name. He also claims that this led to significant time spent to mitigate the issue. Class members may receive up to $250 in cash payments for documented expenditures related to this incident, and up to $2,500 for documented identity theft loses or fraudulent charges, as well as up to $30 for undocumented time spent. All class members will also receive 12 months of free credit monitoring.

Photo of Kathryn Rattigan Kathryn Rattigan

Kathryn Rattigan is a member of the Business Litigation Group and the Data Privacy+ Cybersecurity Team. She concentrates her practice on privacy and security compliance under both state and federal regulations and advising clients on website and mobile app privacy and security…

Kathryn Rattigan is a member of the Business Litigation Group and the Data Privacy+ Cybersecurity Team. She concentrates her practice on privacy and security compliance under both state and federal regulations and advising clients on website and mobile app privacy and security compliance. Kathryn helps clients review, revise and implement necessary policies and procedures under the Health Insurance Portability and Accountability Act (HIPAA). She also provides clients with the information needed to effectively and efficiently handle potential and confirmed data breaches while providing insight into federal regulations and requirements for notification and an assessment under state breach notification laws. Prior to joining the firm, Kathryn was an associate at Nixon Peabody. She earned her J.D., cum laude, from Roger Williams University School of Law and her B.A., magna cum laude, from Stonehill College. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.