Doe, et al. v. San Diego Family Care, Case No. 37-2021-00023006-CU-BT-CTL Welcome to the information website for Doe, et al. v. San Diego Family Care, Case No 37-2021-00023006-CU-BT-CTL and Thomas v. San Diego Family Care, Case No 37-2021-00026758-CU-BT-CTL.
On May 25, 2021, Plaintiff Nadine Ferrer, using the pseudonym, Jane Doe, filed a class action lawsuit against San Diego Family Care (“SDFC” or “Defendant”) on behalf of all affected patients, or their parents or guardians, of SDFC who were sent a letter by SDFC entitled “Notice of Data Breach,” dated May 7, 2021, regarding a data security incident that occurred in December 2020. On June 21, 2021, Plaintiff Dacia Thomas also filed a class action lawsuit against SDFC on behalf of all affected patients, or their parents or guardians, who were mailed the “Notice of Data Breach” letter dated May 7, 2021. On April 13, 2022, the San Diego Superior Court entered an Order Granting Plaintiffs’ Motion for Preliminary Approval of Proposed Class Action Settlement and Conditional Certification of a Settlement, which conditionally certified the Settlement Class defined as all persons to whom San Diego Family Care (“SDFC” or “Defendant”) sent a letter, dated May 7, 2021, entitled “Notice of Data Breach, regarding a data security incident that occurred in December 2020.
A settlement has been proposed to resolve two separate lawsuits against SDFC brought separately by two patients, on behalf of themselves and all others similarly situated, regarding a data security incident during December 2020 that involved SDFC’s technology hosting provider, whose investigation into the incident determined that certain SDFC data may have been accessed or acquired by an unauthorized individual, as referred to in the letters entitled, “Notice of Data Breach,” dated May 7, 2021, sent by SDFC to affected patients, or their parents or guardians.
This website has been established to provide general information.
BACKGROUND OF THE LITTIGATION
On or after May 7, 2021, SDFC mailed to you and to the other Class Members a letter with the subject, “Notice of Data Breach,” signed by Roberta L. Feinberg, M.S., in her capacity as “Chief Executive Officer” of SDFC stating, in part, “I am writing to inform you of a data security incident that may have affected your personal information.” In the letter, SDFC further stated, “We are contacting you to notify you that this incident occurred and inform you about steps you can take to ensure your information is protected”; “In December 2020, SDFC [] became aware that our information technology hosting provider experienced a data security incident that resulted in the encryption of certain data”; and “On January 20, 2021, we learned that, based on our hosting provider’s investigation into the incident,” certain SDFC “data may have been accessed or acquired by an unauthorized individual.”
Additionally, SDFC described this data security incident in the “Notice of Security Incident” posted on SDFC’s website on April 6, 2021. In its “Notice of Security Incident,” SDFC also stated, in part, that, based upon its review, “the following personal and protected health information may have been involved in this incident: individuals’ names, Social Security numbers or other government identification numbers, financial account numbers, dates of birth, medical diagnosis or treatment information, health insurance information, and/or client identification numbers. However, not all of these data elements were affected for all individuals.”
In their separate actions, Plaintiffs allege that SDFC’s failure to adequately protect the confidentiality of all Class Members’ personal and confidential medical information and prevent disclosure or access by unauthorized third parties was a violation of the Confidentially of Medical Information Act, Civil Code §§ 56 et seq. (“CMIA”), as well as other laws. SDFC denies any violation of the CMIA or other applicable law and any alleged damages.
The appointed Class Representatives filed two separate class actions on May 25, 2021 and June 21, 2021, respectively, related to SDFC’s alleged violation of the CMIA (described above) and other laws (referred to as the “Litigation”). These two cases are pending before the San Diego Superior Court. On March 9, 2022, the Class Representatives filed a Motion for Preliminary Approval of the Class Action Settlement set forth in the Settlement Agreement entered between the Parties to the Litigation. On April 1, 2022, the Court granted preliminary approval of the settlement, approving this notice and directing that this notice be mailed to the Class defined as: “All persons to whom San Diego Family Care sent a letter, dated May 7, 2021, entitled ‘Notice of Data Breach,’ regarding a data security incident that occurred in December 2020” (the “Class”). SDFC represents that the Class is comprised of 125,500 persons.
The Honorable Matthew C. Braner of the San Diego Superior Court is presiding over the above-referenced actions. To date, no determination has been made by Judge Braner as to who is right or wrong or whether SDFC did or did not do anything that violates the law.
THE SETTLEMENT
The Court has not made any substantive rulings in favor of the Class Representatives or the Defendant. Instead, both sides agreed to settle the Litigation based upon their own independent investigations of the claims and defenses that may be made at trial, and they evaluated the additional cost and risk of continued litigation, trial and appellate proceedings. The Settlement Agreement does not mean that SDFC agrees that it did anything wrong or that the Court has found that it has engaged in any misconduct or violation of law. The Final Approval Hearing will be held on July 29, 2022 at 9:00 a.m., in Department C-60, at the Superior Court of California for the County of San Diego before the Honorable Matthew C. Braner.
IMPORTANT DATES
ADDITIONAL INFORMATION
If you have any questions, you may contact the administrator toll-free at (888) 250-6810.