The Behavioral Health Group (BHG) agreed to pay $1.575 million to settle a class action related to a data breach that occurred on or about December 05, 2021.

The lawsuit alleged negligence, breach of contract, and other claims against BHG XXXIV, LLC and BHG Holdings, LLC. The settlement benefits individuals who received a data breach notification from BHG regarding the December 2021 cyberattack that may have compromised their personal information.

Eligibility:

• Individuals who received a data breach notification from BHG regarding the December 2021 cyberattack.
• Settlement Class Members: Eligible for monetary compensation and credit monitoring services.
• Injunctive Relief Class Members: Only eligible for non-monetary benefits.

Compensation:

• Alternative Cash Payment: Estimated at $150 but could range up to $250 depending on the number of claims and remaining funds after other distributions.
• Compensation for Lost Time: Up to 8 hours at $25 per hour for time spent dealing with the data incident.
• Ordinary Out-of-Pocket Expenses: Up to $200 for documented expenses such as bank fees, phone charges, postage, and credit monitoring services purchased between December 05, 2021, and October 22, 2024.
• Extraordinary Out-of-Pocket Expenses: Up to $5,000 for documented losses directly arising from identity theft or fraud resulting from the data incident.
• Credit Monitoring Services: 24 months of free credit monitoring and identity theft protection services.

Proof Required:

• Account statements, travel receipts, IRS letters, tax documents, credit reports, professional documentation, police reports, and other documentation of data breach-related expenses.

Deadlines:

• The deadline for exclusion and objection was September 23, 2024.
• The final approval hearing for the settlement was scheduled for October 29, 2024.
• Class members had to submit a valid claim form by October 23, 2024.

https://topclassactions.com/lawsuit-settlements/privacy/data-breach/1-575m-behavioral-health-group-data-breach-class-action-settlement/

Commentary

Contemporary settlements of a data breach with patients and/or employees require some form of proof that the individual or organization was harmed. In the above source, the proof necessary to receive settlement proceeds are:

1. Account Statements: Statements are used to verify any financial losses or expenses incurred due to the data breach. For example, if a patient had to pay bank fees or other charges related to the breach, providing account statements can help substantiate these claims.
2. Travel Receipts: If a patient or employee had to travel to deal with issues arising from the data breach, such as visiting a bank or other institutions, travel receipts can be used to prove these expenses.
3. IRS Letters and Tax Documents: Tax documents can help verify any tax-related issues or identity theft that occurred because of the data breach.
4. Credit Reports: If a patient or employee's credit was affected by the data breach, providing credit reports can help demonstrate the impact and support his or her claim for compensation.
5. Professional Documentation: Any professional services a patient or employee had to pay for, such as legal or financial advice, can be substantiated with professional documentation.
6. Police Reports: If a patient or employee filed a police report due to identity theft or fraud resulting from the data breach, this can be used to support a claim for extraordinary out-of-pocket expenses.

The final takeaway is that a settlement for a data breach is not an "automatic giveaway" to patients, employees or others. Proof of harm is still necessary before any person can claim a part of a settlement.