Online pharmacy hit with $7.5M settlement after massive data breach
Kirsten Peremore Nov 28, 2024 11:17:49 AM
Post Meds recently settled a class action lawsuit for $7.3 million following a 2023 data breach exposing the information of millions of affected individuals.
What happened
A data breach experienced by Post Meds in 2023 prompted several class action lawsuits, consolidated into In Re: Post Meds, Inc. Data Breach Litigation. Plaintiffs, including John Rossi, Micheal Thomas, and Marissa Porter, represented by attorneys such as Gary M. Klinger and James J. Pizzirusso, alleged negligence and breach of implied contract.
After extensive negotiations, Post Meds agreed to a $7.5 million settlement, which received preliminary approval from Judge Gilliam on November 26, 2024. Post Meds has since claimed to have improved its security measures to prevent a similar incident from occurring again.
The backstory
Between August 30 and September 1, 2023, an unauthorized third party gained access to files used for pharmacy management and fulfillment services. These files contained information such as patient names, medication types, and prescribing physicians, but not Social Security numbers. In October 2023, Post Meds began notifying the 2,364,359 affected individuals.
What was said
The initial notice of data breach from Post Meds provides, “On August 31, 2023, we discovered that a bad actor gained access to a subset of files used for pharmacy management and fulfillment services. We immediately launched an investigation with assistance from cybersecurity professionals and worked quickly to secure our environment.”
FAQs
What is a class action lawsuit?
A class action lawsuit is a legal case involving a group of people with similar complaints uniting to sue an entity.
How can data breaches impact patients?
Data breaches can expose patients' protected health information (PHI), leading to privacy violations.
Are pharmacies covered entities?
Yes, pharmacies are covered entities under HIPAA. This means that they must follow specific rules to protect PHI and limit access to it.