ROCHESTER, N.Y., Jan. 24, 2022 /PRNewswire/ -- A settlement has been reached with Excellus Health Plan Inc., affiliate companies and Blue Cross Blue Shield Association in class action litigation involving a cyberattack that led to a data breach in 2015. The Class includes individuals in the United States whose Personally Identifiable Information (PII) and/or Personal Health Information (PHI) was stored in Excellus's systems between December 23, 2013 and May 11, 2015, and who (1) are included in Excellus's list of Impacted Individuals and (2) whose PII and/or PHI currently resides in Excellus's systems.
Attorneys representing the class announced the settlement today, which was reached with Excellus, Lifetime Healthcare Inc., Lifetime Benefit Solutions Inc., Genesee Region Home Care Association Inc., MedAmerica Inc., Univera Healthcare and Blue Cross Blue Shield Association. The cyberattack affecting Excellus's computer network was discovered on August 5, 2015.
The lawsuit alleged that the companies failed to protect customer information, waited too long to inform customers about the breach and did not give customers adequate information about how to protect themselves after the breach. As part of the agreement, the Excellus companies and BCBSA deny any wrongdoing, and no court has made a determination that the Excellus defendants and BCBSA have done anything wrong.
For more information about the settlement, including Class Members rights, the Excellus Data Breach Settlement Notice can be found at https://excellusdatabreachclassaction.com/wp-content/uploads/2022/01/1042680.pdf and https://www.faraci.com/blog/2022/january/excellus-data-breach-settlement-notice/.
Plaintiffs were represented by attorneys at Faraci Lange LLP, Weitz & Luxenberg, Gibbs Law Group LLP and Cohen & Malad LLP.
"We are pleased to reach this settlement on behalf of our clients, whose personal information may have been compromised as a result of this data breach," said Hadley Lundback Matarazzo, partner, Faraci Lange LLP and co-lead counsel in the Excellus class action litigation. "According to this agreement, Excellus must make business-practice changes to better safeguard customer information in the future."
Under the agreement, the required business-practice changes include:
- Increasing and maintaining a minimum information security budget.
- Developing a strategy to ensure records containing personally identifiable information (PII) or personal health information (PHI) are disposed of within one year of the original retention period.
- Making its network more secure related to its tools, processes and systems for detecting suspicious activity, authenticating users, responding to/containing security incidents, and document retention.
- Engaging in an extensive data archiving program with respect to its databases that maintain PII and PHI.
In exchange for these business practice changes and information exchanges, class members will release all claims for injunctive and declaratory relief they may have against Excellus defendants and BCBSA – but will not release claims for monetary damages.
The court will conduct a Final Approval Hearing using the Zoom for Government platform on Wednesday, April 13, 2022 at 1 p.m. to determine whether to grant final approval to the settlement. Directions for accessing the Final Approval Hearing may be obtained by contacting Hon. Elizabeth A. Wolford's chambers at wolford@nywd.uscourts.gov or 585-613-4320.
About Faraci Lange LLP
Faraci Lange LLP (faraci.com) is a firm of trial lawyers with more than 45 years of experience representing injury victims in Western New York. The law firm's attorneys are recognized routinely by their peers as among the nation's best, with annual recognition in Best Lawyers in America and Super Lawyers. Faraci Lange has offices in Rochester, N.Y. and Buffalo, N.Y.
View original content:https://www.prnewswire.com/news-releases/settlement-reached-in-excellus-data-breach-lawsuit-301466672.html
SOURCE Faraci Lange LLP
