Hypertension Nephrology Associates, P.C. Data Breach Settlement
Current and former patients who received a notice that their personal and protected health information may have been compromised in the January 2024 Hypertension-Nephrology Associates P.C. data breach, may be eligible to submit a claim for a cash payment and credit monitoring from a class action settlement.
Hypertension Nephrology Associates P.C. (HNA), in Pennsylvania, has agreed to pay $625,000 to settle a class action lawsuit alleging it failed to adequately protect patient data during a ransomware attack that potentially exposed sensitive personal and health information. The cybersecurity incident impacted 39,491 patients.
Who can file a claim for a data breach payout?
Class members are residents of the United States who received a notice from Hypertension Nephrology Associates P.C. that their private information may have been accessed, stolen, or compromised as a result of the January 2024 data breach.
How much will the class action settlement payment be?
Class members have the following options:
Documented loss payment: Class members can claim up to $5,000 for for actual, documented unreimbursed monetary losses related to the data incident.
Class members can claim up to $5,000 for for actual, documented unreimbursed monetary losses related to the data incident. Cash award : Class members that do not submit a documented loss payment claim can submit to receive a pro rata cash payment from the remaini
Source: https://www.claimdepot.com/settlements/hna-data-settlement
Nephrology Associates, P.C. cybersecurity rating report: https://www.rankiteo.com/company/nephtn
"id": "NEP1764771321",
"linkid": "nephtn",
"type": "Ransomware",
"date": "1/2024",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '39,491 patients',
'industry': 'Healthcare',
'location': 'Pennsylvania, USA',
'name': 'Hypertension Nephrology '
'Associates, P.C. (HNA)',
'size': None,
'type': 'Healthcare Provider'}],
'attack_vector': 'Ransomware',
'customer_advisories': 'Notices sent to affected patients '
'regarding eligibility for settlement '
'claims',
'data_breach': {'data_encryption': None,
'data_exfiltration': None,
'file_types_exposed': None,
'number_of_records_exposed': '39,491',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personal '
'information',
'Protected health '
'information']},
'date_detected': '2024-01',
'description': 'Hypertension Nephrology Associates P.C. (HNA) '
'experienced a ransomware attack in January 2024 '
'that potentially exposed sensitive personal and '
'health information of 39,491 patients. The '
'company has agreed to pay $625,000 to settle a '
'class action lawsuit alleging failure to '
'adequately protect patient data.',
'impact': {'brand_reputation_impact': None,
'conversion_rate_impact': None,
'customer_complaints': None,
'data_compromised': 'Personal and protected health '
'information',
'downtime': None,
'financial_loss': '$625,000 (settlement amount)',
'identity_theft_risk': 'High',
'legal_liabilities': 'Class action lawsuit',
'operational_impact': None,
'payment_information_risk': None,
'revenue_loss': None,
'systems_affected': None},
'initial_access_broker': {'backdoors_established': None,
'data_sold_on_dark_web': None,
'entry_point': None,
'high_value_targets': None,
'reconnaissance_period': None},
'investigation_status': 'Settled',
'post_incident_analysis': {'corrective_actions': None,
'root_causes': None},
'ransomware': {'data_encryption': None,
'data_exfiltration': None,
'ransom_demanded': None,
'ransom_paid': None,
'ransomware_strain': None},
'references': [{'date_accessed': None,
'source': 'Class action settlement notice',
'url': None}],
'regulatory_compliance': {'fines_imposed': None,
'legal_actions': 'Class action lawsuit',
'regulations_violated': None,
'regulatory_notifications': None},
'response': {'adaptive_behavioral_waf': None,
'communication_strategy': 'Notices sent to affected '
'patients',
'containment_measures': None,
'enhanced_monitoring': None,
'incident_response_plan_activated': None,
'law_enforcement_notified': None,
'network_segmentation': None,
'on_demand_scrubbing_services': None,
'recovery_measures': None,
'remediation_measures': None,
'third_party_assistance': None},
'title': 'Hypertension Nephrology Associates, P.C. Data Breach '
'Settlement',
'type': 'Data Breach'}