Last Update: 06/03/2026 at 4:25 AM EST
Healthcare Data Breach Settlements
Coverage from ClassAction.org, The HIPAA Journal, and others
Articles
48
Latest Article
06/02
Active Days
231
Executive Summary
Recent healthcare privacy coverage is dominated by data breach class actions, with repeated settlements tied to ransomware, unauthorized access, and stolen records. Most cases involve patient or employee Social Security numbers, medical information, and notice-based claims for cash, reimbursement, and monitoring.
Key Points
- The strongest pattern is recurring class action settlement activity after healthcare-related data breaches, especially from ransomware and unauthorized internal access.
- Exposed data repeatedly includes names, Social Security numbers, dates of birth, addresses, medical records, and other identity-linked information.
- Most settlements pair modest cash compensation with identity monitoring, fraud resolution support, or reimbursement for documented losses.
- Notification timing, breach scope, and the adequacy of security controls remain recurring points of dispute in the lawsuits.
- Vendor and third-party access risk appears in several cases, showing that privacy exposure is not limited to the primary provider.
- The topic is operational and litigation-heavy rather than policy-heavy, with court approvals, claim deadlines, and fairness hearings driving the current signal.
- The cluster is coherent and dense, with little fragmentation: most items fit the same breach-to-settlement pattern.
Featured Article
Blackstone Valley Community Health Care agreed to settle a class action over a November 2023 data breach, offering up to $2,830 and three years of credit monitoring to about 34,000 affected patients.
Coverage Timeline: 231 Days
Hover over any logo to see coverage summary, click for full article.
Additional Articles
⭐⭐⭐⭐⭐
Oglethorpe, Inc. obtained March 10, 2026 preliminary approval for a class action settlement covering a June 2025 cyberattack involving patient and employee data in Florida.
Heritage Provider Network, Regal Medical Group, and affiliates agreed in California state court to a preliminarily approved $49.995 million settlement resolving class actions over a December 2022 healthcare data breach.
FMC Services, LLC reached a preliminary-approved $2.15 million class action settlement for a July 26, 2022 data breach affecting Amarillo, Texas patients.
Youth and Shelter Services, Inc. faces a class action settlement approved preliminarily on April 27, 2026, covering about 20,000 people affected by a September 2023 breach.
Henderson & Walton Women's Center, P.C. obtained preliminary approval for a $900,000 class action settlement tied to a Feb. 11-14, 2022 patient data breach in Alabama.
AGC America Inc. pursued preliminary settlement approval on March 17 after a December 2023 cyberattack allegedly exposed 20,951 employees personal identifiers to dark web sale.
Gandara Mental Health Center reached a $900,000 preliminary settlement after a June 20, 2024 cyberattack exposed sensitive mental health and identity data for 17,543 Massachusetts residents.
Centrelake Medical Group and Des Moines Orthopaedic Surgeons settled class actions in 2019 and 2023 US health data breaches, offering monitoring and capped reimbursements.
Oak View Group agreed to an $824,000 class action settlement in California federal court after a November 2023 cyberattack allegedly exposed personal data.
HHS OCR announced April 23, 2026 HIPAA Security Rule settlements with four entities after ransomware exposed unsecured ePHI for more than 427,000 people.
⭐⭐⭐
Alpha Baking Co. reached a $1,050,000 class action settlement for a January 2025 data breach, with claims due June 22, 2026.
Hudson v. Pennsylvania State Education Association resolves claims over a July 6, 2024 data breach through a class action settlement with cash, loss reimbursement, and two years of credit monitoring.
Essen Medical Associates, Trader Joe's, Complete Payroll Solutions, Avis, Krispy Kreme, and Lakeview Loan Servicing face class-action settlements closing in June 2026 over alleged privacy and payment data exposure.
On March 9, 2026, a court granted preliminary approval to a QPharma class action settlement over alleged failures to protect consumer data in a December 2024 breach.
South Texas Oncology and Hematology reached a $1,075,000 settlement in 2026 over alleged patient data exposure from a February 2024 breach.
Enroll Confidently, Inc. reached a $990,000 class action settlement over a Feb. 13, 2024 data breach affecting U.S. employees and clients, pending final approval.
Missouri-based Esse Health agreed to a $2,525,000 class action settlement for an April 2025 breach, pending final court approval scheduled in August 2026.
Ciox Health, doing business as Datavant Group, received preliminary approval on April 17, 2026, for a $900,000 class action settlement tied to a May 2024 phishing-related data breach.
Thompson Coburn LLP agreed in 2026 to a $7.5 million settlement for a May 2024 data breach affecting about 377,211 notified people in the United States.
Mission Community Hospital agreed to a $1,546,409 class action settlement after a May 2023 privacy breach allegation, with preliminary approval on March 9, 2026 in California.
Motility Software Solutions reached a $4,949,500 class action settlement after an August 2025 breach exposed Social Security numbers and driver license numbers, with preliminary approval on April 22, 2026.
Mt. Baker Imaging LLC and Northwest Radiologists Inc. agreed to a $3.3 million class action settlement for a January 2025 ransomware breach affecting about 340,184 US patients.
AGC America Inc. agreed in 2020s litigation to pay a $597,000 class action settlement over a December 2023 targeted cyberattack affecting 20,951 U.S. residents.
Gandara Mental Health Center Inc. settlement announced for Massachusetts residents after a June 2024 breach, offering up to $5,600 and Cyex credit monitoring.
Grace Oliveri v. The Ambulatory Surgery Center of Westchester provides up to $5,000 for documented losses after a November 2023 cyberattack at a New York surgery center.
Cross Valley Federal Credit Union agreed to a class action settlement for a December 2024 data breach, offering up to $5,000 reimbursement and two years credit monitoring.
Youth and Shelter Services Inc. agreed to settle a class action over a September 2023 data breach that potentially affected about 20,000 individuals in the United States.
Datavant Group agreed to a $900,000 class action settlement after a May 8-9, 2024 phishing incident potentially exposed sensitive personal data for about 58,309 people.
Clarkson et al. settlement after an October 2024 Onsite Mammography breach provides up to $5,000 and three years of credit and identity monitoring for 357,265 notified individuals in the United States.
Deanco Healthcare LLC, d/b/a Mission Community Hospital, reached a class action settlement in response to a May 1, 2023 data breach affecting 269,847 people.
Motility Software Solutions Inc. reached a class action settlement for an August 2025 data breach, allowing U.S. residents to claim up to $5,000 plus credit monitoring.
Cardiovascular Consultants agreed to a $3.85 million settlement in an Arizona class action over a ransomware breach detected September 29, 2023, involving exfiltrated patient records.
Veradigm settles 2024 data breach case in Illinois federal court, funding 10.5 million for affected patients.
Continuum Health Alliance settles data breach case in New Jersey over October 2023 incident.
Emergency Medical Services Authority (Oklahoma) and Compassion Health Care (North Carolina) reached class-action settlements in 2024-2025 data breach cases affecting hundreds of thousands of patients.
Endue Software reached an $870,000 U.S. class action settlement on July 15, 2026 approval timing after a February 2025 data breach, offering monitoring, identity protection, and cash claims.
Whitman Hospital & Medical Clinics agreed on a $500,000 settlement for a December 2024 to February 2025 data breach affecting about 64,401 people.
Alta Resources Corp. reached a class action settlement for a November 2023 breach, offering claimants up to $2,000 and two years of credit monitoring.
Aln Medical Management LLC settles a March 2024 data incident class action in the United States with a four million dollar payout.
Anne Arundel Dermatology class action settlement filed after 2025 alleged unauthorized system access offers up to $5,000 and three years of monitoring for exposed patients.
Endue Software agreed in 2025 to settle a U.S. class action for a February 2025 targeted cyberattack involving unauthorized access to private information.
Esse Health class action settlement for an April 2025 cyberattack offers eligible claimants an estimated $50 cash payment and two years of medical identity monitoring.
Cardiovascular Consultants agreed to a 3.85 million settlement after a September 2023 breach potentially exposed patient Social Security numbers and other identifiers.
Concord (N.H.) Orthopedics settled a class-action over a November 2024 cybersecurity incident, notifying affected individuals in March 2025 after access to patient data.
Former Nuance employee accessed Geisinger patient records in November 2023 in Pennsylvania; a 5 million class action settlement was approved in March 2026.
⭐️⭐️
Community First Medical Center in Chicago reached a 1 million dollar class action settlement for a July 12 2023 data breach.
Murfreesboro Medical Clinic in Tennessee faced a 2023 ransomware breach; a class action settlement received preliminary approval in September 2025 to provide cash payments and two years of credit monitoring to affected patients and employees.