Civil Plaintiff
Inmediata Health Group Agrees to a $1.13 Million Data Breach Settlement
Stemming from a 2019 data breach that impacted nearly 1.6 million patients, Puerto Rico-based Inmediata Health Group reached a $1.13 million settlement to resolve a class-action lawsuit. The lawsuit alleged that the healthcare clearinghouse failed to secure protected health information (PHI).
Under HIPAA, organizations must notify patients of healthcare data breaches within 60 days. But Inmediata began notifying patients that their data was potentially compromised in mid-April 2019, despite the fact that the breach occurred in January.
The breach occurred when a misconfigured web setting allowed search engines to index internal webpages. The website leaked medical claim information, demographic details, and some Social Security numbers.
