Mercy Health settles data breach lawsuit for $1.8 million

Healthcare provider Mercy Health, operating in northern Illinois and southern Wisconsin, has agreed to a $1.8 million settlement to resolve a class action lawsuit stemming from a 2020 data breach involving an employee’s unauthorized access to patient information. The settlement benefits individuals who received a notification from Mercy Health in December 2020 indicating their or their child’s information may have been improperly accessed.

The breach, disclosed by Mercy Health through a notification, occurred when a now-former employee accessed patient records without authorization. The plaintiffs in the lawsuit argued that Mercy Health could have prevented the incident with better cybersecurity and access control measures. Despite not admitting any wrongdoing, Mercy Health agreed to the settlement to address the claims.

The settlement allows affected individuals to claim financial compensation. Class members are eligible for a flat payment of up to $90. Those who can document expenses related to the breach may receive an additional $300 in reimbursement.

Class members must submit a valid claim form by June 10, 2024, to benefit from the settlement. The deadline for exclusion and objection is also June 10, 2024. A final approval hearing for the settlement is scheduled for June 18, 2024.

The settlement aims to compensate those affected by the breach and to resolve the legal issues surrounding Mercy Health’s data security practices. Individuals eligible for the settlement include those notified by Mercy Health in December 2020 about the potential unauthorized access to their information. Class members must provide proof of purchase, such as receipts, invoices, or account statements, to claim reimbursement for documented expenses related to the data breach.