Facts

Maxim Healthcare Services provides skilled nursing, physical rehabilitation, along with companion, respite and behavioral care for those with disabilities and illnesses. From October 1, 2020 to December 4, 2020, Maxim experienced a data incident, notifying affected individuals the following year, on or about November 4, 2021. On December 20, 2022, Michael Wilson, through his conservator Mosanthony Wilson, filed a class action suit in San Diego Superior against Maxim for violations of the Confidentiality of Medical Information Act and negligence.

PLAINTIFF'S CONTENTIONS: Plaintiff contended that defendant failed to take reasonable precautionary measures to protect the confidential medical and sensitive personal information it collects and maintains from unauthorized and unlawful access, use or disclosure especially given that defendant waited until the following year to notify the data breach victims. The information obtained were all personal identifying information including names, addresses, dates of birth, contact information, medical history, medical condition or treatment information, medical record number, diagnosis code, patient account number, Medicare/Medicaid number, username/password, and Social Security numbers.

DEFENDANT'S CONTENTIONS: Defendant denied all plaintiff's claims, asserting it engaged in no wrongdoing.

Result

The case settled. As part of the settlement, class members would be provided free identity-theft protection for 12 months, and would be eligible to receive up to $5,000 for expense reimbursement caused by the data incident.