The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Maxim HealthCare Services Proposes Settlement to Resolve Email Breach Lawsuit

A settlement has been proposed by Maxim HealthCare Services to resolve all claims related to a 2020 cyberattack and data breach involving unauthorized access to multiple employee email accounts. The email accounts were compromised between October 1, 2020, and December 4, 2020, but the unauthorized access was not discovered until November 2021.

The review of the email accounts confirmed they contained protected health information such as names, addresses, dates of birth, phone numbers, provider names, medical histories, medical conditions, treatment information, medical record numbers, diagnosis codes, patient account numbers, Medicare/Medicaid numbers, usernames/passwords, and some Social Security numbers. The breach was reported to the HHS’ Office for Civil Rights as affecting 65,267 patients.

A lawsuit – Wilson, et al. v. Maxim Healthcare Services Inc. – was filed in response to the data breach in the Superior Court of the State of California County of San Diego that alleged Maxim HealthCare Services failed to implement appropriate security measures to prevent unauthorized access to patient data. Maxim HealthCare Services chose to settle the lawsuit to avoid further legal costs and the uncertainty of trial. Maxim HealthCare Services denies all claims made in the lawsuit and maintains there was no wrongdoing. The proposed settlement applies to all individuals who were notified that they had been affected by the breach and had their protected health information exposed.

Under the terms of the settlement, claims will be accepted up to a maximum of $5,000 for each class member for reimbursement of extraordinary expenses incurred as a result of the data breach, including up to three hours of lost time at $20 per hour. Individuals who were California Residents between October 1, 2020, and December 4, 2020, are entitled to receive a flat monetary benefit of approximately $100 which can be combined with claims for reimbursement of extraordinary expenses. All class members will be entitled to receive 12 months of free identity theft protection services, regardless of whether they submit a claim.

Get the FREE
HIPAA Compliance Checklist

Delivered via email so please ensure you enter your email address correctly.

Your Privacy Respected

HIPAA Journal Privacy Policy

The deadline for exclusion from and objection to the proposed settlement is June 23, 2023. The deadline for submitting claims is July 24, 2023. The final approval hearing has been scheduled for July 28, 2023. Maxim HealthCare Services has implemented or will implement additional security measures to prevent similar incidents in the future.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.


Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist