Rocky Mountain Gastroenterology Data Breach Settlement
Individuals who received a notification from Rocky Mountain Gastroenterology Associates PLLC about a September 2024 data incident may be eligible to claim up to $1,000 in reimbursement for documented losses and two years of credit and medical identity monitoring from a class action settlement.
Rocky Mountain Gastroenterology Associates PLLC agreed to settle a class action lawsuit alleging it failed to implement and maintain reasonable security measures to protect private information, which resulted in a cyberattack in September 2024 that potentially exposed sensitive data.
Who can file a claim?
Individuals must meet the following criteria:
They reside in the United States.
They received a notification from Rocky Mountain Gastroenterology Associates PLLC by mail or email stating an unauthorized party may have accessed or acquired their private information during the September 2024 data incident.
Additional details:
The class includes both adults and minors. Parents or guardians may submit claims on behalf of minors who received a notification.
The class covers all individuals whose private information the September 2024 incident potentially compromised.
How much can class members get?
Eligible class members may receive:
Up to $1,000 in reimbursement for documented out-of-pocket losses fairly traceable to the data incident. Examples of eligible losses include:
fairly traceable to the data incident. Examples of
Source: https://www.claimdepot.com/settlements/rocky-mountain-settlement
Rocky Mountain Gastroenterology cybersecurity rating report: https://www.rankiteo.com/company/rmga---rocky-mountain-gastroenterology-associates
"id": "RMG1765216875",
"linkid": "rmga---rocky-mountain-gastroenterology-associates",
"type": "Breach",
"date": "9/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'All individuals '
'whose private '
'information was '
'potentially '
'compromised in the '
'September 2024 '
'incident',
'industry': 'Healthcare',
'location': 'United States',
'name': 'Rocky Mountain Gastroenterology '
'Associates PLLC',
'size': None,
'type': 'Healthcare Provider'}],
'customer_advisories': 'Notifications sent to affected '
'individuals about eligibility for '
'reimbursement and monitoring services',
'data_breach': {'data_encryption': None,
'data_exfiltration': None,
'file_types_exposed': None,
'number_of_records_exposed': None,
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High (potential medical '
'and personal data)',
'type_of_data_compromised': 'Sensitive private '
'information'},
'date_detected': '2024-09-01',
'description': 'Rocky Mountain Gastroenterology Associates PLLC '
'agreed to settle a class action lawsuit alleging '
'it failed to implement and maintain reasonable '
'security measures to protect private '
'information, which resulted in a cyberattack in '
'September 2024 that potentially exposed '
'sensitive data.',
'impact': {'brand_reputation_impact': None,
'conversion_rate_impact': None,
'customer_complaints': None,
'data_compromised': 'Sensitive private information',
'downtime': None,
'financial_loss': 'Up to $1,000 reimbursement per '
'affected individual',
'identity_theft_risk': 'High (credit and medical '
'identity monitoring offered)',
'legal_liabilities': 'Class action lawsuit settlement',
'operational_impact': None,
'payment_information_risk': None,
'revenue_loss': None,
'systems_affected': None},
'initial_access_broker': {'backdoors_established': None,
'data_sold_on_dark_web': None,
'entry_point': None,
'high_value_targets': None,
'reconnaissance_period': None},
'post_incident_analysis': {'corrective_actions': None,
'root_causes': 'Failure to implement '
'and maintain '
'reasonable security '
'measures'},
'ransomware': {'data_encryption': None,
'data_exfiltration': None,
'ransom_demanded': None,
'ransom_paid': None,
'ransomware_strain': None},
'references': [{'date_accessed': None,
'source': 'Class action settlement notice',
'url': None}],
'regulatory_compliance': {'fines_imposed': None,
'legal_actions': 'Class action lawsuit '
'settlement',
'regulations_violated': None,
'regulatory_notifications': None},
'response': {'adaptive_behavioral_waf': None,
'communication_strategy': 'Notifications sent by '
'mail or email to '
'affected individuals',
'containment_measures': None,
'enhanced_monitoring': 'Two years of credit and '
'medical identity monitoring '
'offered to affected '
'individuals',
'incident_response_plan_activated': None,
'law_enforcement_notified': None,
'network_segmentation': None,
'on_demand_scrubbing_services': None,
'recovery_measures': None,
'remediation_measures': None,
'third_party_assistance': None},
'title': 'Rocky Mountain Gastroenterology Data Breach Settlement',
'type': 'Data Breach',
'vulnerability_exploited': 'Failure to implement and maintain '
'reasonable security measures'}