Netgain Technology has made the decision to resolve a consumer data breach lawsuit filed because of a ransomware attack and data breach in 2020. Netgain will create a $1.9 million settlement fund to pay class member claims.
Netgain is a cloud hosting and managed IT service company based in Minnesota, and many of its clients belong in the healthcare sector. A ransomware group acquired access to Netgain’s system from September to December 2020 with the deployment of ransomware on November 24, 2020. The ransomware attack impacted many of Netgain’s servers and resulted in taking its data servers offline. The ransomware group exfiltrated information that includes the patient records of its healthcare company clients. Data compromised during the attack included names, birth dates, contact details, Social Security numbers, medical data, and financial details.
On May 13, 2021, plaintiffs Jane Doe and Misty Meier submitted a class action complaint against Netgain, claiming their protected health information (PHI) and personally identifiable information (PII) were stolen during the ransomware attack. Other plaintiffs, Susan Reichert, Sherman Moore, Mark Kalling, Robert Smithburg, Robert Guertin, and Thomas Lindsay, also filed lawsuits. On August 24, 2021, a federal judge combined the lawsuits into one class action lawsuit, In Re: Netgain Technology, LLC, Consumer Data Breach Litigation, filed in the United States District Court for the District of Minnesota.
The lawsuit had a number of causes of action, though some were dismissed. The causes of action for declaratory judgment and negligence were permitted to continue. The court has given the negotiated settlement its preliminary approval. Based on the terms of the settlement, class members can file claims for recorded losses and lost income up to $5,000 per class member. After paying all claims received, any leftover settlement funds will be allocated pro rata to the class members.
Netgain has likewise decided to give injunctive relief for three years starting from the settlement effective date. In its effort to avoid paying HIPAA violation penalties in the future, Netgain has consented to use, continue, or apply the following:
- Firewall updates
- Geo-blocking
- Redirecting through protected gateways
- Virus protection technology in its database
- Backup data protection
- Multi-factor authentication in its hosting platform
- Set up a safe and scalable system