The University of Pittsburgh Medical Center (UPMC) recently settled a data breach class action for $450,000 stemming from a 2020 data breach that led to the compromise of about 36,000 UPMC patients.

UPMC is a Pennsylvania medical center and medical insurer. From April to June 2020, UPMC’s legal counsel, Charles J. Hilton PC, suffered a data breach that compromised its email accounts. As a result, UPMC information was also compromised, including patient names, Social Security numbers, birth dates, financial account numbers, identification numbers, signatures, medical records, and insurance information.

UPMC notified the affected patients in December 2020. The complaint alleges that UPMC had a duty to protect the patient data and failed to implement reasonable cybersecurity measures to do so. The lead plaintiff in the case alleged that after the incident occurred, he had a fraudulent Amazon credit card opened up in his name. He also claims that this led to significant time spent to mitigate the issue. Class members may receive up to $250 in cash payments for documented expenditures related to this incident, and up to $2,500 for documented identity theft loses or fraudulent charges, as well as up to $30 for undocumented time spent. All class members will also receive 12 months of free credit monitoring.