A preliminary settlement was recently approved by a federal court in California to resolve a consolidated class action lawsuit against Solara Medical Supplies.
Solara Medical Supplies is a Chula Vista, CA-based direct medical device and disposable medical products supplier and registered pharmacy. On June 28, 2019, Solara Medical identified suspicious activity in an employee’s email account. The ensuing investigation confirmed that unauthorized individuals gained access to multiple Office 365 email accounts between April 2, 2019 and June 20, 2019, following employee responses to phishing emails.
The forensic investigation confirmed that the sensitive information of 114,007 of its customers had been exposed and potentially stolen, including names, dates of birth, social security numbers, driver’s license numbers, health insurance information and financial information. Those affected were offered free credit monitoring and identity theft protection services for 12 months.
Four class action lawsuits were filed on behalf of affected customers, and these lawsuits were consolidated into one. Solara Medical offered a settlement to resolve the lawsuit and avoid ongoing legal expenses, but denied any wrongdoing. The settlement dismisses the lawsuit with prejudice and constitutes no admission of wrongdoing or liability.
Under the terms of the settlement, Solara Medical has agreed to pay $5,060,000 to cover the plaintiffs’ and class members’ claims and will take steps to improve data security to prevent further security breaches. The six plaintiffs named in the lawsuits will each receive $4,000, and any class members who file timely claims will receive $100, plus a prorated payment of up to $1,000 if money is left in the fund after the $100 cash payments have been made. The settlement amount includes $2.3 million in attorneys’ fees. If any funds remain, they will be donated to the Juvenile Diabetes Research Foundation.
Over the next two years, Solara Medical will undergo a SOC 2 Type 2 audit, which will be repeated until successful; engage an independent third party to perform a HIPAA IT assessment; perform at least one cybersecurity incident response test per year; and undergo third-party phishing and external vulnerability testing at least twice a year. Solara Medical will also implement a Security Information and Event Management (SIEM) tool with a 400-day log lookback. Over the following three years, the same corrective actions, or improved versions of them in line with new industry standards, will be carried out.