Flowers Hospital to Pay $150,000 to Settle Data Breach Lawsuit

Flowers Hospital in Dothan, AL has agreed to settle a class action data breach lawsuit that was filed against the hospital in 2014. Legal action was taken by patients who had their protected health information stolen by a hospital laboratory employee who sold the information on to tax fraudsters who filed falsified tax returns under the patients’ names.

A deputy sheriff stumbled upon the patient documents in the vehicle of Karmarian Millender, the Flowers Hospital laboratory employee, during a traffic stop. Millender plead guilty to the charges and received a two-year prison sentence.

Many patients chose to pay for credit monitoring services to prevent financial harm and spent a considerable amount of time combating identity theft. Some patients also had their tax returns delayed and lost interest as a result. many of the breach victims added their names to a class action lawsuit against the hospital and sought compensation to cover out-of-pocket costs associated with the breach.

The lawsuit claimed Flowers Hospital was negligent by failing to implement sufficient controls to prevent data theft. The hospital attempted to have the lawsuit dismissed, claiming the case lacked standing is the plaintiffs had failed to prove economic damage related to the data breach. A judge permitted the plaintiffs to revise the complaint and the motion to dismiss did not apply to the updated filing.

It’s been almost five years since the lawsuit was filed, but it has finally been dismissed with no admission of liability. Flowers Hospital agreed to pay up to $150,000 to breach victims and the settlement has now been approved by a judge.

The protected health information of 1,208 patients was potentially stolen by Millender. Those who submitted claims are going to receive a percentage of the settlement amount, which will be up to $5,000 per patient. The amount covers loss of interest due to late tax returns, the cost of credit monitoring services, and up to 4 hours loss of earnings. Most breach victims are likely to receive less than $250 in damages.