Quest Diagnostics Settlement of 2016 Data Breach Finally Approved

A federal judge has finally approved the settlement concerning Quest Diagnostics Inc. to take care of a class-action lawsuit connected with its 2016 data breach. The medical lab company in New Jersey is going to pay a $195,000 settlement, which allocates to each breach victim about $325 compensation.

On November 26, 2016, the attackers accessed the Care360 MyQuest mobile application that patients use to save and share their digital test results and schedule visits. The health application saved names, phone numbers, birth dates, and laboratory test findings which, for certain patients, listed their HIV test findings. The breach impacted 34,000 patients.

As per the class action lawsuit submitted on behalf of the victims of the breach in 2017, Quest Diagnostics had been negligent in securing the sensitive information of application end users. The lawsuit claims that although Quest Diagnostics was aware that it was holding sensitive Private Data making it invaluable and prone to web attackers, it was unable to take sufficient actions that should have safeguarded the data of users. The plaintiffs likewise claimed that Quest Diagnostics failed to send prompt, correct, and ample notification concerning the breach.

In the fall of 2019, Quest Diagnostics made a settlement offer that gives payment to the victims of the breach to avert further legal expenditures and the trouble of extended litigation. The proposal offered at most $325 for each breach victim, which mirrored the advantages and disadvantages of the claims and defenses in the lawsuit. Quest Diagnostics along with the other defendants included in the lawsuit did not confess to any wrongdoing.

A federal court judge issued initial approval of the settlement got last October 2019. The finalized approval was granted on February 25, 2020.

Every class member could claim as much as $325, which is composed of approximately $250 to take care of provable out-of-pocket expenditures accrued resulting from the breach. An additional $75 could be received by every patient whose HIV test findings were compromised, although patients didn’t suffer any losses. The plaintiffs need to file a claim to obtain a percentage of the settlement and they ought to file the claims by May 22, 2020.

A further class action lawsuit was submitted against Quest Diagnostics and Care360 concerning the theft of more or less 12 million patient files from the American Medical Collection Agency (AMCA), its business associate in 2019. The plaintiffs in that lawsuit, in the same way, assert the neglect of the defendants therefore unable to secure their private and protected health information (PHI) and didn’t send prompt and correct notifications.