Analyzing the $7.5 Million UCLA Health Data Breach Settlement

A proposed $7.5 million settlement of a class action lawsuit filed against UCLA Health in the wake of a 2015 cyberattack that affected 4.5 million individuals stands apart from most other breach-related settlements because it requires the organization to spend a substantial sum on improving its security, says attorney Steven Teppler.

Under terms of the settlement, UCLA Health has agreed to spend at least $5.5 million beyond its current budget to expedite and implement cybersecurity enhancements to its computer network.

In addition, a $2 million fund will be used to reimburse settlement class members who incurred costs seeking to protect against, or remedy, identity theft.

All settlement class members are also entitled to two years of free credit monitoring and identity protection services, even if they previously obtained the one-year credit monitoring package offered by UCLA Health in 2015, according to the proposed settlement agreement, which awaits final court approval.

The class action lawsuit was filed against UCLA Health in 2015 soon after the organization revealed that protected health information of millions of individuals was potentially exposed when hackers in late 2014 breached its network (see: UCLA Health Faces Lawsuit – Already).

“What stands out most to me about this settlement is the amount of funds that are guaranteed to be spent on improving network security architecture,” Teppler, an attorney who specializes in technology issues and electronic discovery and who was not involved in the case, says in an interview with Information Security Media Group.