Two major healthcare data breach lawsuits have reached settlement agreements this week, as the cost of privacy failures continues to mount for the healthcare sector. Drug and Alcohol Treatment Services agreed to a $549,000 settlement for a 2024 ransomware attack, while Memorial Healthcare Services settled pixel tracking litigation for $750,000.
Drug and Alcohol Treatment Services Ransomware Settlement
Drug and Alcohol Treatment Services, Inc., a Scranton, Pennsylvania-based provider of addiction services, has agreed to settle class action litigation stemming from an October 2024 ransomware attack. The attack resulted in the theft of personal and protected health information of 22,215 patients, including names, Social Security numbers, health insurance information, medical billing data, and diagnosis and treatment information.
Eight class action lawsuits were filed in response to the breach and were consolidated into a single complaint. The defendant established a $549,000 settlement fund, from which attorneys’ fees, administrative costs, and service awards will be paid before class members receive compensation. The defendant denies all claims of wrongdoing.
Memorial Healthcare Services Pixel Settlement
Memorial Healthcare Services, a nonprofit healthcare provider serving patients in Southern California, has agreed to settle a class action lawsuit over its use of pixels and web analytics tools on its website. The lawsuit alleged that patient data was collected and transferred to third parties like Facebook and Google without patient knowledge or consent, in violation of the California Invasion of Privacy Act.
The $750,000 settlement covers individuals who accessed the Memorial Health Services patient portal between March 7, 2022, and July 8, 2022. The claims deadline is August 21, 2026. Memorial Healthcare Services maintains there was no wrongdoing.
Growing Liability for Healthcare Data Incidents
These settlements underscore the growing financial liability healthcare organizations face from data breaches and privacy violations. With ransomware attacks, pixel tracking litigation, and improper data disposal incidents all generating costly class action lawsuits, healthcare providers face mounting pressure to strengthen their cybersecurity and privacy compliance programs.
