$6.5 million dollar settlement impacts several prisons

Several residents in San Quentin say their personal information was stolen while they were serving time in prison.
A class-action suit against Correct Care, a medical claims processing company, involved nearly 600,000 incarcerated persons in four states.
“I feel like it’s the helplessness that makes you hate the system. It is frustrating that we are not out there to fight for our rights. We are targets and vulnerable,” said San Quentin resident Ted Hingst.
According to HealthInfoSec, a settlement was reached for a breach of personal healthcare information possessed by Correct Care Integrated Health organization. The $6.5 million settlement affected several prisons and correctional facilities in California, Louisiana, Georgia, and South Carolina.
The lawsuit alleged negligence and breach of implied contract between 2012 and 2022. Compromised information included names, dates of birth, Social Security numbers, certain health information, and trust account information. A stolen identity can also lead to fraudulent filings with the IRS.
Lee Covarrubias, another San Quentin resident, said he experienced identity theft before, and it left him in a lot of fear and anxiety. “It was stressful. I felt a part of my life was taken away, and I felt insecure.”
As someone who’s been incarcerated for 7 years, Covarrubias said a person’s identity is invaluable and the fear of having one’s identity stolen while in prison causes anxiety.
A notification was sent to the possible victims, and proof of the claim was required to receive reimbursement for out-of-pocket losses up to $10,000 or an alternative cash payment was sent from the settlement.
The report stated the class members who chose the cash payment will receive money after all other claims were paid. Plaintiff attorneys will receive one-third of settlement and the five lead plaintiffs will receive service awards of $2,500.
“We don’t have tools to help ourselves, and we have to rely on someone from the streets just to start the process, if our information is stolen,” Hingst said.
He said he was notified of the data breach and is worried because he has assets which could be stolen.
Due to California’s Consumer Privacy Act, incarcerated individuals who are eligible class members may receive an additional amount equal to half the alternative cash payment.
According to Health Information Privacy Protection Act Journal, another case of an incident of a privacy attack against Lamoille Health Partners in Vermont was confirmed in June of 2022.
The report stated California Department of Corrections and Rehabilitation discovered suspicious activity, but was unable to confirm if unauthorized individuals hacked sensitive data. The occurrence which may have affected more than 230,000 individuals was reported to the U.S. Health and Human Services Office for Civil Rights.
Besides incarcerated people, the data breach targeted individuals who had been tested for COVID-19 between June of 2020 and January of 2022, including staff members, visitors, and others.
According to HIPPA Journal, incarcerated individuals’ information had not been impacted, but there was evidence of files which contained information on the Mental Health Services Delivery System dated back to 2008.
Residents’ information and data included information in the Trust, Restitution, Accounting, and Canteen Systems as well as individuals who paroled and were involved in the state’s substance use disorder treatment programs dating back to 2021.
The Journal stated CDCR discovered the breach during routine maintenance and that new procedures and a replacement computer system were in place to limit the possibility of further breaches.
“We are still citizens and just because we are locked-up, we have a right to be protected from identity theft,” Covarrubias said. “Being provided the right knowledge to protect ourselves inside and outside of prison is invaluable.”