CorrectCare Data Breach Lawsuit Settles for $6.9 Million

Sept. 25, 2024
Breach exposed sensitive information and left the personal data of 600,000 individuals vulnerable

 

HIPAA Journal’s Steve Alder reported on September 23 that the CorrectCare Integrated Health data breach lawsuit has been settled for $6.49 million. CorrectCare, a Kentucky-based medical claims processor for correctional facilities, experienced a cybersecurity breach between January 22, 2022, and July 7, 2022. The breach, affecting around 600,000 people, was not reported until November 2022.

“In July 2022, CorrectCare identified a misconfiguration on its web server that allowed two file directories to be accessed over the Internet without authentication,” Alder wrote.

Shub & Johns’s attorney, Benjamin F. Johns, filed a class action lawsuit against CorrectCare on December 7, 2022. “On September 17, 2024, Chief Judge Danny C. Reeves issued an order granting final approval to the $6.9 million settlement,” Alder stated.

Over 100,000 claims were filed, representing about 17 percent of the class action suit.