CorrectCare Integrated Health Settles Data Breach Lawsuit for $6.49 Million
A class action lawsuit against CorrectCare Integrated Health LLC (CorrectCare) over a 2022 data breach that affected around 600,000 individuals has been settled for $6.49 million. The settlement has recently been granted final approval by the court.
CorrectCare is a Kentucky-based third-party administrator that facilitates access to medical providers and manages the payment of medical claims for inmates at correctional facilities. In July 2022, CorrectCare identified a misconfiguration on its web server that allowed two file directories to be accessed over the Internet without authentication. The misconfiguration meant sensitive data was exposed over the Internet from January 22, 2022, to July 7, 2022, which included the data of individuals who received treatment between January 1, 2012, and July 7, 2022. The exposed data included names, dates of birth, inmate numbers, and limited health information, including diagnosis codes, CPT codes, treatment providers, dates of treatment, and for some individuals, Social Security numbers.
Read more at The HIPPA Journal