Serviceaide Pays $1.8 Million to Settle Data Breach Litigation
Serviceaide, Inc., a provider of AI-powered solutions to boost productivity and enhance service delivery, has agreed to pay $1.8 million to settle a lawsuit stemming from a 2024 data breach that exposed the protected health information of patients of its client, Catholic Health.
Catholic Health is a Buffalo, NY-based non-profit healthcare system serving patients in Western New York through its hospitals, nursing homes, home care agencies, and physician practices. Catholic Health contracted with Serviceaide, and the provision of the contracted services required access to patient data. On or around November 15, 2024, Serviceaide identified unauthorized access to its systems. The forensic investigation confirmed that an unauthorized third party had access to its network from September 19, 2024, to November 5, 2024.
Servieaide determined that a database containing the records of approximately 483,000 Catholic Health patients was potentially accessed or obtained. The database contained names, dates of birth, Social Security numbers, medical/health information, treatment information, health insurance information, and email/usernames and accompanying passwords. The affected individuals were notified about the data breach on May 9, 2025.
Eleven class action lawsuits were filed in response to the data breach, which were consolidated – Nancy Balzer, et al., v. Serviceaide, Inc. – in the Supreme Court of the State of New York, County of Nassau. The consolidated lawsuit alleges that the data breach should have been prevented and was the result of negligence on the part of the defendant. The lawsuit asserted claims for negligence, breach of implied contract, unjust enrichment, invasion of privacy, violations of California’s Unfair Competition Law, Cal. Bus. & Prof. Code §§ 17200, et seq., and declaratory judgment.
Serviceaide denies all wrongdoing, and disagrees with all claims and contentions in the lawsuit. The defendant filed a motion to dismiss, and the plaintiffs filed their opposition to the motion. To conserve resources for the benefit of the class members, the parties explored a potential settlement. As a result of hard-fought negotiations, the terms of a settlement were agreed, and the settlement has now been finalized.
Under the terms of the settlement, Serviceaide has agreed to establish a $1,800,000 settlement fund, from which attorneys’ fees and expenses, settlement administration and notification costs, and service awards for the 15 class representatives will be deducted. The remainder of the fund will be used to pay valid claims from the class members.
Class members may claim one of two cash payments. They may submit a claim for reimbursement of documented, unreimbursed losses due to fraud or identity theft as a result of the incident, and other losses up to a maximum of $5,000 per class member. Alternatively, a claim may be submitted for a cash payment, estimated to be approximately $50 per claim. The cash payments will be paid pro rata after the claims for losses have been paid. The deadline for submitting a claim is September 1, 2026. The final fairness hearing has been scheduled for September 16, 2026. The deadline for objection and opting out is August 17, 2026.
The post Serviceaide Pays $1.8 Million to Settle Data Breach Litigation appeared first on The HIPAA Journal.
NexusTek Powers Healthcare’s HIPAA-Aligned Future – The AI Journal
NexusTek Powers Healthcare’s HIPAA-Aligned Future – PR Newswire
Verizon Releases Inaugural Breach Impact Study – The HIPAA Journal
Verizon Releases Inaugural Breach Impact Study
Verizon Business has released the findings from its inaugural Breach Impact Study, which focuses on the financial impact of data breaches. The BIS report is from the same authoring team as the Verizon Data Breach Investigations Report and was produced in partnership with CyberAcuView. The report is based on an analysis of around 70,000 U.S. cyber insurance claims, including 38,000 claims where the policies paid out. The data spans from January 2019 to October 2025.
In contrast to many data breach cost reports, the report is based on median claim amounts rather than averages, which are susceptible to skewing. In 2019, the median financial impact was around $60,000, rising by 80% to $110,000 in 2025, with data breach costs outpacing inflation, which was around 23% over the period of the study. More than half of paid-out claims exceeded $83,000, with 10% having an impact of $920,000 or more. The most extreme 2.5% of cases exceeded $5 million in losses.
The report shows that data breach costs almost doubled between 2019 and 2025, with business interruption the single largest loss driver, followed by loss to threat actor and response and recovery.

Known losses over time. Source: Verizon 2026 Breach Impact Study.
For software supply chain and third-party incidents, business interruption accounted for 50% of all losses. Software supply chain incidents and third-party breaches are relatively rare, accounting for around 2% of claims in the dataset, but when they occur, they can be catastrophic, with costs more than double the overall dataset. In the most extreme cases, losses exceeded $100 million.
The median impact was around $38,000 in the SMB segment, rising to $96,000 in the mid-market segment, and $238,000 for large enterprises, with the top 2.5% of large enterprise claims exceeding $22 million per claim. While breach costs were relatively low in the SMB segment, the ratio of impact amounts to insured revenue was as high as 3% in the top 10% of cases, and was 7% in the most extreme cases. Without an insurance policy, these incidents could have been extremely damaging. In the mid-market and large enterprise segments, the ratio did not go above 2% in the top 2.5% of extreme cases.
Healthcare had relatively high external liability costs compared to other sectors. The dataset included more than 8,640 claims with 5,100 recorded losses. Healthcare accounted for 23% of total losses, with a median liability loss 57% higher than the overall dataset. Response and recovery accounted for 29% of total losses, followed by business interruption (24%) and external liability (23%).

Distribution of the economic impact of breaches in healthcare. Source: Verizon 2026 Breach Impact Study
The most common incident type in healthcare that prompted a claim was a ransomware attack (39%), which represented 60% of the total cost with a median cost of $77,051. Business email compromise (BEC) was involved in 22% of cases, accounting for 10% of the costs, with a median cost of $94,924.
The post Verizon Releases Inaugural Breach Impact Study appeared first on The HIPAA Journal.