Academic health system agrees to $8M settlement following data breach

Chad Van Alstin | | Health Exec | Cybersecurity
cleveland clinic settles for failing to disclose research funding

A class-action lawsuit filed against University of Missouri (MU) Health Care over a 2020 data breach has been resolved, with plaintiffs receiving an $8 million judgment.

MU Health Care announced the incident in September 2020, though the cyberattack on its systems occurred in early May. According to an announcement, hackers accessed patients' personal information, including "names, dates of birth, medical record or patient account numbers, health insurance information and/or limited treatment or clinical information, such as diagnostic, prescription and/or procedure information."

"For some patients, a Social Security number was also identified," MU Health Care confirmed. An investigation into the scope of the breach later concluded that 190,000 individuals were affected.

Each person who opts to receive a judgment in the class-action case will receive between $60 and $150, according to a website set up for the settlement fund.

Attorney fees for the lawsuit will account for roughly $1.76 million of the $8 million total.

Casey Bumbales and Amanda Kunkelman, victims of the attack who initially spurred the class-action filing against MU Health Care, are set to receive $5,000 each as an award, the court confirmed.

As part of the deal, MU Health Care does not admit wrongdoing. However, the specifics of their non-financial concessions shed light on how cybercriminals were able to gain unauthorized access to systems. MU Health Care has agreed to "maintain multifactor authentication for its email system and conduct enhanced email security training as remedial measures for at least five years," suggesting the institution may have fallen victim to a phishing attack.

Those upgrades are estimated to cost the health system around $1 million, according to court documents.

More Cybersecurity Articles:

Number of Americans impacted by Change Healthcare breach nears 200M
Report: 84% of healthcare organizations identified a data breach last year
Data breach at chain of clinics impacts 450K patients
Nebraska becomes first state to sue Change Healthcare over data breach
Christmas ransomware exposed over 300K patient records to dark web
Chad Van Alstin Health Imaging Health Exec
Chad Van Alstin

Chad is an award-winning writer and editor with over 15 years of experience working in media. He has a decade-long professional background in healthcare, working as a writer and in public relations.

Related Content

Number of Americans impacted by Change Healthcare breach nears 200M
Report: 84% of healthcare organizations identified a data breach last year
Dental chain involved in ransomware coverup fined $350K
FBI seeking extradition of Israeli prisoner accused of $500M in ransomware attacks
Data breach at chain of clinics impacts 450K patients
Nebraska becomes first state to sue Change Healthcare over data breach

Around the web

Radiology Business
ACR shares guidance to help members deal with confusing White House executive orders

A string of executive orders from the White House created serious concerns among radiologists and other healthcare providers throughout the United States. The American College of Radiology issued a statement to help guide its members through the chaos. 

Cardiovascular Business
Philips to sell its emergency care business to private equity firm

Bridgefield Capital, founded in 2015, has previously invested in such popular brands as Cirque Du Soleil, Del Monte and Quiksilver. This transaction is expected to be completed in the second half of 2025. 

AI in Healthcare
Nat’l Academy of Medicine sets ‘priorities for action’ as healthcare mulls next moves with AI

Given the precarious excitement of the moment—or is it exciting precarity?—policymakers and healthcare leaders must set directives guiding not only what to do with AI but also when to do it.