UnityPoint (Fox v. Iowa Health System ) Data Breach Litigation
Fox v. Iowa Health System
United States District Court for the Western District of Wisconsin
Case No. 18-00327
On July 25, 2019, the Court granted in part and denied in part Defendant’s motion to dismiss. The parties reached a settlement in June 2020, which has been presented to the Court for review and approval.
Plaintiffs filed this complaint against Iowa Health System (UnityPoint Health), a multi-hospital delivery and health care system serving Wisconsin, Iowa, and Illinois. UnityPoint’s patient data, including protected health information, was compromised on at least two separate occasions, and Plaintiffs bring this litigation on behalf of individuals in Wisconsin, Iowa, and Illinois whose protected health information was compromised in the First Data Breach or Second Data Breach, described below.
First Data Breach
In the First Data Breach, UnityPoint patient data was compromised starting as far back as November 2017, but this data breach was not reportedly discovered until early February 2018. On or about April 17, 2018, patients affected by the First Data Breach were notified of the data breach, but the First Notice Letter did not mention to what extent UnityPoint would take any steps to remediate the harm from the data breach, including whether it would offer protective services such as credit monitoring or identity theft protection.
Second Data Breach
In the Second Data Breach, starting as far back as March 2018, UnityPoint patient data including protected health information was again compromised. The Second Data Breach was reportedly discovered in May 2018. On or about August 2, 2018, patients affected by the Second Data Breach were notified of the data breach, and offered one complimentary year of credit monitoring and identity protection services to at least some patients affected by the Second Data Breach.