"In the first case, which settled in September 2025, a TPA serving self-funded employers and its co-defendant insurers agreed to pay $13.75 million to resolve claims tied to a 2023 data breach. The incident allegedly compromised the protected health information (PHI) of more than 2.5 million individuals, including a subclass of California residents. The TPA and its co-defendants were named in 13 class action lawsuits over the data breach,"
"The second settlement, finalized in October 2025, resolved a Texas class action lawsuit involving a 2024 data breach that allegedly impacted the personal and health information of more than 800,000 policyholders' records held by a Texas-based TPA. The suit alleged that the TPA and its insurer partners - in failing to implement reasonable cybersecurity measures - failed to prevent a cyberattack that exposed names, health insurance information, Social Security numbers and financial account details."
Two separate settlements resolved class actions alleging TPAs and insurer partners failed to safeguard sensitive data in major cyberattacks. In September 2025, a TPA serving self-funded employers and co-defendant insurers agreed to pay $13.75 million over a 2023 breach that allegedly exposed PHI for more than 2.5 million individuals, including California residents. Thirteen class actions were consolidated in federal court alleging inadequate cybersecurity measures. In October 2025, a Texas-based TPA and insurer partners agreed to a $6 million settlement over a 2024 breach that allegedly exposed personal, health, Social Security, and financial account information for over 800,000 policyholders. Defendants denied liability in both cases.
#third-party-administrators #data-breach-settlements #protected-health-information #class-action-lawsuits
Read at DataBreaches.Net
Unable to calculate read time
Collection
[
|
...
]