Respiratory therapy supplier Lincare agrees to pay $875K to settle data breach lawsuit

Judge banging gavel on stack of money
Lincare has agreed to settle a data breach case filed by its employees late last year. (Getty/AndreyPopov)

The country’s largest provider of home respiratory supplies has agreed to pay $875,000 to settle a class-action lawsuit from former employees whose information was exposed during a 2017 data breach.

The settlement (PDF) resolves a lawsuit filed last fall that claimed Lincare failed to implement “the most basic security safeguards” to prevent a breach. A human resources employee fell victim to a phishing scam in February 2017 in which the sender claimed to be a Lincare executive asking for employee W-2s.

The Florida-based company provides in-home respiratory therapy equipment for customers suffering from chronic obstructive pulmonary disease. Lincare has more than 14,000 employees across more than 1,000 locations.

New White Paper

Fuel Top Line Growth Across All Lines of Business

Read the latest white paper on how health plans can empower brokers, sales, and marketing teams to increase acquisition and retention rates to achieve their 2020 revenue goals.

A Lincare spokesperson declined to comment. 

RELATED: Former employees sue respiratory therapy supplier Lincare over February data breach

Although the breach did not involve patient information, it served as a reminder that healthcare organizations are also susceptible to breaches involving employees, with significant liability in some cases.

Lincare offered credit monitoring to employees after the breach was discovered, but plaintiffs described that as a “minor half-measure that did not safeguard and protect the [information] already released.”

As part of the settlement, Lincare did not admit to any wrongdoing. The $875,000 will be divvied up into two funds, with $550,000 to compensate class members that suffered an out-of-pocket loss and $325,000 reserved for members that experienced an “eligible incident,” such as a fraudulent tax return, or a fraudulent loan or credit card.

RELATED: Data breaches are drawing more scrutiny from both federal and state regulators

The settlement comes as healthcare data breaches are drawing more scrutiny from federal and state regulators. Healthcare companies are also finding themselves in legal hot water as hacker groups continue to prey on long-standing vulnerabilities.

A case brought by employees of the University of Pittsburgh Medical Center has made its way to the Pennsylvania Supreme Court. The state court will weigh in on whether the provider is responsible for safeguarding employee information after a 2014 breach exposed information for 62,000 employees.

Suggested Articles

New research suggests that hospitals with strong financial results could do more to help patients in need of charity care.

The House must choose between several competing versions of legislation to tackle surprise medical bills. Here is how they stack up.

A Georgia doctor has been sentenced to 20 years in prison for operating a “pill mill” that dispensed a slew of controlled substances.