$150,000 Settlement Suggested by Flowers Hospital for 2014 Data Breach

August 2, 2018


A class action court case tendered after a staff-member linked data breach at Flowers Hospital in Dothan, Alabama in 2014 is expected to be resolved. The agreement is pending final court endorsement, even though endorsement appears pending and a solution to this four-year legal fight is now achievable.

Unlike the bulk of class action litigations filed over the theft/exposure of PHI, this case involved the thievery of data by an insider instead of a cybercriminal. Moreover, the ex-staff member used PHI for identity thievery and scam and was convicted of those criminalities.

The breach happened when a former laboratory technician, Kamarian D. Millender, who was found in custody of paper records which included patients PHI. Millender confessed to using the data for identity thievery and for filing wrong tax returns in sufferers’ names. In December 2014, Millender got a two-year prison verdict.

In the class action litigation, filed in 2014, it was charged that between June 2013 and December 2014, paper records were abandoned unsafe and unprotected at the hospital and might have been taken by staff members or third parties. In the case of Millender, that is precisely what happened.

Flowers Hospital tried to have the litigation struck out, even though that attempt failed and the court case was given class action status in 2017. The decision has now been taken to resolve the legal action. The hospital has proposed a fund of up to $150,000 to cover out-of-pocket expenditures incurred by the 1,208 people affected by the breach. The agreement would provide each class member with up to $250 each, even though claims up to a total value of $5,000 would be studied.

To be entitled to get the compensation offered, class members would require to file legal claims. A legal claim would need a breach sufferer to show proof that they bought credit checking or identity thievery safety facilities in reaction to being warned about the breach.

Additionally, breach sufferers would be allowed to demand money for the time they spent organizing those facilities – up to four hours of recorded lost time – the cost of getting credit reports, and any un-reimbursed interest because of a delayed tax refund as a consequence of there being a fake tax return tendered between June 2013 and the claims closing date. The settlement doesn’t include any punitive damages.

If it transpires that the total claims amount is more than the allotted $150,000, all claims would be reduced, pro rata, so that the total claims value would not be more than $150,000.