Kaether v. Metropolitan Area EMS Authority

A Court authorized the Notice because you have the right to know about the proposed settlement of this class action lawsuit and about your rights and options before the Court decides whether to grant final approval of the Settlement Agreement. The Notice explains the lawsuit, the Settlement Agreement, your legal rights, what benefits are available, who is eligible for the benefits, and how to get them.

The District Court of Tarrant County, Texas is overseeing this class action case. The case is known as Kaether v. Metropolitan Area EMS Authority, Cause No. 342-339562-23 (the “Litigation”). The person who filed this lawsuit is called the “Plaintiff” and the company sued, Metropolitan Area EMS Authority d/b/a MedStar Mobile Healthcare, is referred to in this document as “MedStar” or the “Defendant.”

On January 13, 2023, Plaintiff filed the class action lawsuit against MedStar based on a cyberattack on MedStar’s network in October 2022 (the “Incident”), alleging claims of negligence, breach of implied contract, negligence per se, breach of fiduciary duty, public disclosure of private facts, and unjust enrichment (the “Litigation”). On December 19, 2022, after a preliminary investigation, MedStar sent a letter to those whose data may have been exposed. MedStar’s letter informed the relevant individuals that MedStar “recently suffered a cyberattack affecting portions of protected health information for individuals [they] have served, which may have included [the recipients’] information. On October 20, 2022, [MedStar] experienced issues with [its] network systems. [MedStar] promptly investigated and determined that a third party had accessed [MedStar’s] network. MedStar is providing this notice to give [recipients] more information on what happened and what [MedStar is] doing in response. An unauthorized third party gained access to a restricted location in MedStar’s computer network that contained a number of files, including those with personal health information.”

No court or other entity has determined that MedStar committed any wrongdoing or violated any law, and MedStar denies all the claims asserted in the Litigation. By entering the settlement, MedStar is not admitting any wrongdoing or liability.

In a class action, a representative plaintiff or plaintiffs sues on behalf of all people who have similar claims. Together all these people are called a Settlement Class or Settlement Class members. One court resolves the issues for all Settlement Class members, except for those Settlement Class members who timely exclude themselves from the Settlement Class.

The proposed Plaintiff in this case is Scott Kaether.

Plaintiff and MedStar do not agree about the claims made in this Litigation. The Litigation has not gone to trial, and the Court has not decided in favor of any party. Instead, Plaintiff and MedStar have agreed to settle the Litigation. Plaintiff and the attorneys for the Settlement Class (“Class Counsel”) believe the Settlement Agreement is best for all Settlement Class Members and Subclass Members because of the settlement benefits and the risks and uncertainty associated with continued litigation and the nature of the defenses raised by MedStar.

Under the settlement, the Court decided that the Class includes all persons whose Health Insurance Information was potentially compromised as a result of the cyberattack that MedStar discovered in or about October 2022. Additionally, the Court also certified a Settlement Subclass that includes all persons whose medical information protected by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and other protected health information were potentially compromised as a result of the cyberattack that MedStar discovered in or about October 2022.

The Settlement Subclass is included within the overall Settlement Class.

Yes. Excluded from the Class are (1) any entity in which MedStar has a controlling interest and (2) the affiliates, legal representatives, attorneys, successors, heirs, and assigns of MedStar. Excluded also from the Class are members of the judiciary to whom this case is assigned, their families, and members of their staff.

If you are still not sure whether you are a Settlement Class Member, you may call the Settlement Administrator’s toll-free number at 1-877-581-2235 or write to the Settlement Administrator at the following address:

MedStar Data Breach
Settlement Administrator
P.O. Box 2348
Portland, OR 97208-2348

Settlement Class Members

If you are a Settlement Class Members and you file a valid and timely Claim Form by February 23, 2024, you may be eligible for the following settlement benefits:

Out-of-Pocket Losses - If you are a member of the Settlement Class, you can file a claim for up to $3,000 in unreimbursed out-of-pocket losses related to the cyber-attack that MedStar discovered in or about October 2022 (the “Data Incident”). Examples of potentially reimbursable losses include:

• Out-of-pocket expenses incurred as a result of the Data Incident, including bank fees, long-distance phone charges, cell phone charges (only if charged by the minute), data charges (only if charged based on the amount of data used), postage, or gasoline for local travel;
• Fees for credit reports, credit monitoring, or other identity theft insurance product purchased between October 20, 2022, and October 26, 2023;
• Monetary losses incurred from identity theft or fraud as a result of the Data Incident, including unauthorized charges or purchases.

In order for your claimed out-of-pocket loss to qualify for a payment, the following conditions must be met:

• The loss is an actual, documented, and unreimbursed monetary loss;
• The loss was more likely than not caused by the Data Incident;
• The loss occurred between the time of the Data Incident and the time that Claim Forms are submitted;
• The loss is not already covered by one or more of the normal reimbursement categories; and
• The Settlement Class Member made reasonable efforts to avoid, or seek reimbursement for, the loss, including (but not limited to) exhaustion of all available credit monitoring insurance and identity theft insurance.

In order to have your claim for out-of-pocket losses approved, you must submit adequate documentation establishing your claim. This can include receipts or other documentation (not “self-prepared” by you) that documents the costs incurred. “Self-prepared” documents—such as handwritten receipts—are, by themselves, insufficient to receive reimbursement, but they can be considered by the Settlement Administrator to add clarity or support other submitted documentation.

Credit Monitoring - MedStar will pay for a one-year membership of single-bureau credit monitoring with up to $1,000,000 in fraud insurance for Settlement Class Members and Subclass Members. You can easily file your claim for credit monitoring services here.

Settlement Subclass Members

If you are a Settlement Subclass Member and you file a valid and timely Claim Form by February 23, 2024, you may be eligible for the following settlement benefits:

Out-of-Pocket Losses - If you are a member of the Settlement Subclass, you can file a claim for up to $3,000 in unreimbursed out-of-pocket losses related to the cyberattack that MedStar discovered in or about October 2022 (the “Incident”). Examples of potentially reimbursable losses include:

• Out-of-pocket expenses incurred as a result of the Data Incident, including bank fees, long-distance phone charges, cell phone charges (only if charged by the minute), data charges (only if charged based on the amount of data used), postage, or gasoline for local travel;
• Fees for credit reports, credit monitoring, or other identity theft insurance product purchased between October 20, 2022, and October 26, 2023;
• Monetary losses incurred from identity theft or fraud as a result of the Data Incident, including unauthorized charges or purchases.

In order for your claimed out-of-pocket loss to qualify for a payment, the following conditions must be met:

• The loss is an actual, documented, and unreimbursed monetary loss;
• The loss was more likely than not caused by the Data Incident;
• The loss occurred between the time of the Data Incident and the time that Claim Forms are submitted;
• The loss is not already covered by one or more of the normal reimbursement categories; and
• The Settlement Class Member made reasonable efforts to avoid, or seek reimbursement for, the loss, including (but not limited to) exhaustion of all available credit monitoring insurance and identity theft insurance.

In order to have your claim for out-of-pocket losses approved, you must submit adequate documentation establishing your claim. This can include receipts or other documentation (not “self-prepared” by you) that documents the costs incurred. “Self-prepared” documents—such as handwritten receipts—are, by themselves, insufficient to receive reimbursement, but they can be considered by the Settlement Administrator to add clarity or support other submitted documentation.

Credit Monitoring - MedStar will pay for a one-year membership of single-bureau credit monitoring with up to $1,000,000 in fraud insurance for Settlement Class Members and Subclass Members. You can easily file your claim for credit monitoring services here.

Compensation for Lost Time – In addition to the above benefits, members of the Settlement Subclass can make an additional claim for compensation for lost time. MedStar will make additional compensation available to Settlement Subclass Members in the form of up to 4 hours of lost time at $20/hour of time spent mitigating the effects of the Data Incident (up to a total of $80 for lost time). Settlement Subclass Members may submit their claim for up to 4 hours of lost time with an attestation under oath that they spent the claimed time responding to issues raised by the Data Incident. Lost time claims can be filed at the Settlement Website. Settlement Subclass Members can also download an attestation form here and file by mail.

If you were sent a Postcard Notice of the settlement by mail, the Postcard Notice will identify you as a member of the Settlement Subclass. On the Postcard Notice you were sent is a unique identifying number that you can use to file your Lost Time Claim.

Under the Settlement Agreement, MedStar agrees to implement and/or keep in place the following (or better) security-related measures through December 31, 2024:

• Update its multi-factor authentication;
• Disable Outlook Anywhere access for its employees;
• Deploy security awareness training for its employees; and
• Lower the maximum recipients per email message.

Costs associated with these business practice commitments will be paid by MedStar separately and apart from other settlement benefits.

Unless you exclude yourself, you are choosing to remain in the Settlement Class. If the Settlement Agreement is approved and becomes Final, all the Court’s orders will apply to you and legally bind you. You will not be able to sue, continue to sue, or be part of any other lawsuit against MedStar and the Released Parties about the legal issues in this Litigation that are released by this settlement. The specific rights you are giving up are called “Released Claims.”

The Settlement Agreement in Sections VI and XV describes the Release, Released Claims, and the Released Parties in necessary legal terminology, so please read these sections carefully. The Settlement Agreement is available here or in the public court records on file in this lawsuit. For questions regarding the Release and what it means, you can also contact one of the lawyers listed in FAQ 16 for free, or you can talk to your own lawyer at your own expense.

The February 23, 2024 Claims Filing Deadline has passed. It is now too late to file a claim to receive a Settlement benefit.

If you change your mailing address or email address after you submit a Claim Form, it is your responsibility to inform the Settlement Administrator of your updated information. You may notify the Settlement Administrator of any changes by calling 1-877-581-2235 or by writing to the following address:

MedStar Data Breach
Settlement Administrator
P.O. Box 2348
Portland, OR 97208-2348

The Credit Monitoring enrollment period is open through August 26, 2024. If you filed an approved claim for Credit Monitoring, you were sent enrollment instructions via email on May 28, 2024. If no email address was provided by you when you submitted your claim, the enrollment instructions were mailed to the address on file. If you filed an approved claim for Lost Time and/or Out-of-Pocket Losses, you were sent an email with payment instructions on June 19, 2024. If no email address was provided by you when you submitted your claim, or if you are unable to redeem your digital payment, you will be mailed a check in early August 2024.

Yes. The Court has appointed Gary M. Klinger, Alexander Wolf, and John Nelson of Milberg Coleman Bryson Phillips Grossman and Joe Kendall of Kendall Law Group, PLLC, as Class Counsel to represent you and the Settlement Class for the purposes of this settlement. You may hire your own lawyer at your own cost and expense if you want someone other than Class Counsel to represent you in this Litigation.

The Court has awarded attorneys’ fees and costs in the amount of $150,000 and a Service Award of $2,500 to the Plaintiff for participating in this Litigation, which MedStar has paid directly. This does not affect the amounts paid to the Class.

The January 24, 2024 deadline to request exclusion from the Settlement has passed. It is now too late to request exclusion from the Settlement.

No. If you exclude yourself, you are telling the Court you do not want to be part of the settlement. You can only get settlement benefits if you stay in the settlement and submit a valid Claim Form.

No. Unless you exclude yourself, you give up any right to sue MedStar and Released Parties for the claims resolved by this settlement. You must exclude yourself from this Litigation to start or continue with your own lawsuit or be part of any other lawsuit against the MedStar or any of the Released Parties. If you have a pending lawsuit, speak to your lawyer in that case immediately.

The January 24, 2024 deadline to object to the Settlement has passed and the Court has approved the Settlement. It is now too late to object to the Settlement.

Objecting is simply telling the Court you do not like something about the Settlement Agreement or requested attorneys’ fees and expenses. You can object only if you stay in the Settlement Class (that is, do not exclude yourself). Requesting exclusion is telling the Court you do not want to be part of the Settlement Class or the settlement. If you exclude yourself, you cannot object to the settlement.

On March 22, 2024, the Court approved the Settlement as fair, reasonable, adequate, and in the best interests of the Settlement Class.

If you are a Settlement Class Member and you do nothing, you will not receive any settlement benefits. You will give up rights explained in FAQ 18, including your right to start a lawsuit, continue with a lawsuit, or be part of any other lawsuit against MedStar or any of the Released Parties about the legal issues in this Litigation that are released by the Settlement Agreement.

The Notice and this website summarize the proposed settlement. Complete details are provided in the Settlement Agreement. The Settlement Agreement and other related documents are available here, by calling 1-877-581-2235, or by writing to the following address:

MedStar Data Breach
Settlement Administrator
P.O. Box 2348
Portland, OR 97208-2348

PLEASE DO NOT TELEPHONE THE COURT OR THE COURT’S CLERK OFFICE REGARDING THE NOTICE OR THIS WEBSITE.