Oklahoma Spine reaches $1.1 million settlement

The physician-owned spine hospital has reached a settlement following a 2024 data breach.

 

What happened

Oklahoma Spine has agreed to settle a lawsuit stemming from a breach that took place on July 1st, 2024, and impacted approximately 38,945 individuals. 

Six plaintiffs who were victims of the data breach represented the class in the suit. Initially, two suits were filed in response to the breach, but they were ultimately consolidated into one complaint: In re: Oklahoma Spine Hospital Data Breach Litigation. The lawsuit claimed that Oklahoma Spine had been negligent, breached an implied contract, and breached a fiduciary duty. Oklahoma Spine denies any wrongdoing or liability, but decided to settle the suit to avoid trial.

Ultimately, Oklahoma Spine agreed to a $1.1 million settlement that will go towards attorney fees, settlement administration costs, service awards to the six plaintiffs, and funds for the other class members.

 

The backstory

The settlement stems from a data breach previously reported by Paubox. The incident impacted names, birth dates, financial accounts and routing numbers, health insurance information, medical records, payment card details, and driver’s license numbers. A report to the Texas Attorney General also mentioned a potential impact to Social Security numbers, but this was not mentioned in the hospital’s notice.

 

The big picture

Although Paubox covers many data breaches, each one can have an extensive impact on organizations and victims. Once data is available on the dark web, it’s impossible to fully take it off, meaning that those impacted could become victims of attempted identity theft or fraud. When financial information in particular is accessed, it can allow malicious actors to infiltrate banking or other financial systems, potentially leading to direct monetary consequences for patients. According to Paubox reports, every breach can have a “real human cost” via a “direct and significant threat to patient safety,” which can be caused by financial harm, but also by growing distrust in healthcare systems if people believe their data is not protected.

 

FAQs

Why do hospitals want to avoid trial for class action suits? 

Hospitals may settle class action suits for several reasons. Taking a case to trial can be an expensive and lengthy process, especially if the hospital believes it may lose the case. A settlement also allows organizations to deny wrongdoing, rather than being declared at fault. Lastly, agreeing to a settlement can prevent additional lawsuits regarding the incident from coming up in the future.

 

What is a breach of implied contract and fiduciary duty? 

A breach of an implied contract means that an organization or individual failed to meet an expected obligation, even if no official document was signed. In this case, the plaintiffs allege that Oklahoma Spine had an obligation (even if unspoken) to protect class members’ data. A breach of fiduciary duty is when someone in a position of power, like an attorney, doctor, or hospital administrator, causes harm to an individual they were supposed to be acting in the best interest of.