Magellan Health Agrees to Pay $1.43M to Settle Breach Lawsuit

Updated on 2022-09-30

Managed care company Magellan Health will pay $1.43 million to settle a lawsuit filed in the wake of a 2019 data breach. In May 2019, Magellan subsidiary Magellan Rx Management suffered a phishing attack that led to the compromise of sensitive personal information belonging to 273,000 patients. While Magellan learned about the breach in July 2019, affected patients were not notified until November 2019. According to the HIPAA Breach Notification Rule, covered entities and their associates are required to disclose breaches affecting more than 500 individuals within 60 days of discovering the incident.


  • Managed service providers are going to see more of these lawsuits from their customers, which seem to be settled more often than the broad class action lawsuits that have gotten more press. If you are a service provider, this is a good one to show your Chief Legal Counsel, along with many previous reports on how the cost to avoid was way less than the overall eventual cost of being compromised.
  • Make sure you are tracking breach notification requirements for all your data types. Enlist expert guidance when you’re breached, and if you’re planning to miss the required window, make sure you’re also talking to the regulator, as late findings/penalties will only worsen your recovery process.


