In the M&D Capital Data Breach Litigation involving M&D Capital Premier Billing, LLC and Island Ambulatory Surgery Center, LLC, the parties reached a $1 million class action settlement to resolve claims arising from a data breach discovered on July 8, 2023.
What happened
The settlement covers the unauthorized acquisition of Settlement Class Members’ private information, including names, addresses, Social Security numbers, medical billing and insurance details, and certain medical information.
The backstory
The events leading up to the M&D Capital Data Breach Litigation began with a data incident discovered on or about July 8, 2023, in which unauthorized actors accessed sensitive information belonging to patients and clients of M&D Capital Premier Billing, LLC, and Island Ambulatory Surgery Center, LLC. The breach exposed a wide range of private data.
Once the incident was identified, affected individuals were notified on or about March 18, 2024, alerting them to the potential misuse of their personal information. In response, a group of plaintiffs, led by Jacqueline Skolnick, filed a class action lawsuit on behalf of all affected individuals, asserting claims of negligence, breach of implied contract, and unjust enrichment, arguing that the defendants failed to adequately protect sensitive data.
What was said
According to the settlement document, “Defendants have entered into this Agreement to resolve all controversies and disputes arising out of or relating to the allegations made in the Complaint and the Data Incident as it relates to Defendants, and to avoid the litigation costs and expenses, distractions, burden, expense, and disruption to their business operations associated with further litigation. Defendants do not in any way acknowledge, admit to, or concede any of the allegations made in the Complaint, and expressly disclaim and deny any fault or liability, or any charges of wrongdoing that have been or could have been asserted in the Complaint.”
Why it matters
While smaller in scale compared to the $9.76 million Solara Medical Supplies settlement announced by the HHS Office for Civil Rights (OCR) in 2024, which arose from a 2019 phishing attack affecting over 114,000 patient records, the M&D Capital settlement reflects a similar pattern of regulatory and legal pressure on healthcare organizations to protect patient information. Both settlements show how plaintiffs and regulators are using class action lawsuits and enforcement actions to hold organizations accountable for data incidents, incentivizing stronger cybersecurity measures.
See also: HIPAA Compliant Email: The Definitive Guide (2025 Update)
FAQs
What is a class action settlement?
It’s an agreement to resolve a lawsuit involving a large group of people (the class) without going to trial. All class members benefit if they file a claim.
What does a class action settlement mean for healthcare providers?
It represents a resolution of legal claims without going to trial. Providers can avoid prolonged litigation, reduce legal costs, and manage reputational risks while still complying with court requirements.
How can a settlement impact a provider’s operations?
Providers may need to review and strengthen their data security and privacy practices, implement corrective measures, and cooperate with settlement administration, including notifying affected patients if required.
Does a settlement imply the provider admitted wrongdoing?
No. Settlements often resolve disputes without any admission of liability, but providers may still face reputational scrutiny and regulatory oversight.
Kirsten Peremore
