HIPAA Journal’s Steve Alder reported on September 23 that the CorrectCare Integrated Health data breach lawsuit has been settled for $6.49 million. CorrectCare, a Kentucky-based medical claims processor for correctional facilities, experienced a cybersecurity breach between January 22, 2022, and July 7, 2022. The breach, affecting around 600,000 people, was not reported until November 2022.
“In July 2022, CorrectCare identified a misconfiguration on its web server that allowed two file directories to be accessed over the Internet without authentication,” Alder wrote.
Shub & Johns’s attorney, Benjamin F. Johns, filed a class action lawsuit against CorrectCare on December 7, 2022. “On September 17, 2024, Chief Judge Danny C. Reeves issued an order granting final approval to the $6.9 million settlement,” Alder stated.
Over 100,000 claims were filed, representing about 17 percent of the class action suit.
