Plaintiffs who slapped Sony Pictures with a class action lawsuit after their detailed medical records were swiped in a cyberattack last November have finally reached an agreement on a proposed settlement.
In a September 2 court filing, attorneys for the former Sony employees who sued the entertainment giant, said the two parties had come to an "agreement in principle on the material terms of a proposed settlement."
[See also: Medical records exposed in massive Sony hack.]
Over the next 45 days, both parties will write up the formal settlement documents.
"We believe the proposed settlement is a favorable resolution of the claims asserted by the plaintiffs," wrote Daniel C. Girard, the plaintiffs' attorney, in the court filing. "We believe the interests of class members will be best served if the proposed settlement is submitted for Court approval."
The proposed settlement could serve as a precedent for the consequences organizations and corporations could face following a HIPAA breach. The lawsuit stemmed from a November 24 cyberattack in which hackers calling themselves the Guardians of Peace swiped what they said amounted to 100 terabytes of data from Sony.
[See also: Oncology group slapped with $750K HIPAA fine and Time to ditch the 'security team of yesterday'.]
The data included detailed clinical diagnoses on 34 Sony employees, their partners and children. Data on individual's medical conditions included cancer, alcoholic liver disease and kidney failure, among others, Bloomberg reports. Overall, the medical records of some 30,000 invididuals had their data compromised in the Sony hack, according to data from the Department of Health and Human Services.
"This stuff will haunt all those people the rest of their lives. Once it's up on the Internet it is up in perpetuity," Deborah Peel, MD, founder of nonprofit health privacy advocacy group Patient Privacy Rights, told Bloomberg.
