Inmediata Health Group agreed to pay $1.12 million to resolve allegations it put patients at risk during a 2019 data breach that affected 1.5 million people, Top Class Actions reported.
Inmediata is a Puerto Rico-based healthcare clearinghouse. It ensures providers' medical claims are error-free so payers can accurately process them.
In January 2019, a third party accessed Inmediata networks during a cyberattack, according to the Feb. 10 report. Inmediata noticed electronic health information for some of its customers' patients was viewable online because a webpage setting had allowed search engines to index internal webpages. The company deactivated the website.
Inmediata began notifying clients and advising them to alert patients in April 2019, according to the report. The company said it is unaware of any information misuse, and there is no evidence that patients' health information was copied or saved.
The information exposed included Social Security numbers, names, addresses, dates of birth, gender and medical claim information, according to the notifications received by affected patients.
Patients affected by the data breach filed a class-action lawsuit against Inmediata in August 2019, claiming the company failed to adequately protect their information and took too long to inform them of the breach.
Inmediata did not admit wrongdoing, but agreed to pay $1.125 million to resolve the claims.