A settlement has been approved to resolve a class action lawsuit against East Carolina Health (EC Health) that stemmed from a 2023 data breach that affected 19,085 individuals.The data breach occurred at East Carolina University’s Brody School of Medicine, a member of EC Health, and was discovered on or around December 21, 2023. Electronic files containing patients’ protected health information were inadvertently made available to ECU students, employees, and certain ECU Health-employed clinicians who did not require access between July 2022 and January 2024. The files contained names, health insurance information, and diagnostic and/or clinical information. The affected individuals were notified on February 20, 2024.The lawsuit — *Kaitlyn Hill. v. East Carolina Health* — was filed in the Superior Court of North Carolina, Pitt County on April 12, 2024. The lawsuit alleged an impermissible disclosure of protected health information in violation of the requirements of the Health Insurance Portability and Accountability Act (HIPAA). There is no private cause of action in HIPAA, and the lawsuit was not based on direct violations of HIPAA, but the defendant was charged with legal violations predicated on its duties under HIPAA.The lawsuit claimed EC Health disregarded the rights of the plaintiff and class members by negligently failing to take and implement reasonable and appropriate measures to ensure protected health information (PHI) was safeguarded, and that as a direct consequence of that negligence, the plaintiff and class members suffered an injury — diminution of the value of their PHI, an increased risk of identity theft and fraud, and lost time, annoyance, interference and inconvenience. In addition to negligence, the lawsuit asserted claims of breach of implied contract, breach of implied covenant of good faith and fair dealing, unjust enrichment, and violations of the North Carolina Identity Theft Protection Act and North Carolina Unfair Trade Practices Act.EC Health contests the claims in the lawsuit and denies any wrongdoing; however, it agreed to a $250,000 settlement to bring the litigation to an end to prevent further legal costs and avoid the risks and uncertainty associated with continuing the litigation. Attorneys’ fees, legal costs and expenses, settlement administration costs, and service awards will be paid out of the settlement fund, which is intended to be depleted. Attorneys’ fees are expected to be $83,325, and the service award to the named plaintiff will be $2,500.Class members may claim one of two payments. Up to $100 as reimbursement for documented out-of-pocket expenses related to the incident or a flat cash payment of $100, which will be adjusted *pro rata* depending on the number of claims.The settlement has received preliminary approval from the court. The deadline for objection to and exclusion from the settlement is August 18, 2025. All claims must be submitted by September 1, 2025, and the final fairness hearing has been scheduled for September 15, 2025.The post [East Carolina Health Settles Data Leak Lawsuit for $250,000](https://www.hipaajournal.com/east-carolina-health-data-breach-settlement/) appeared first on [The HIPAA Journal](https://www.hipaajournal.com).
Related Tags:
NAICS: 524 – Insurance Carriers And Related Activities
NAICS: 61 – Educational Services
NAICS: 621 – Ambulatory Health Care Services
NAICS: 611 – Educational Services
NAICS: 62 – Health Care And Social Assistance
NAICS: 52 – Finance And Insurance
NAICS: 622 – Hospitals
Blog: Hipaa Journal
Financial Theft
Associated Indicators: