Morley Companies settled for $4.3 million in relation to its August 2021 hack. The company did not report the data theft to the public until early 2022, apparently running further afoul of California and HIPAA regulations.
“The Michigan-based third-party vendor provides process outsourcing for a range of U.S. companies, including healthcare. A little more than 521,000 patients were notified their data was stolen during a security incident….Notably, approximately 33%, or $1.42 million of the proposed settlement will be directed to attorneys’ fees and costs.”
Source: Morley reaches $4.3M settlement after hacking incident leads to data theft for 694K