Legal News about HIPAA Compliance

Heartland Alliance Agrees to Data Breach Settlement

A Chicago anti-poverty organization and associated companies have agreed to a $300,000 settlement to resolve a class action lawsuit filed in response to a 2022 data breach. On or around December 15, 2022, Heartland Alliance disclosed a data security incident and mailed notification letters on or around December 21, 2022. An unauthorized third party had access to its network, where files containing sensitive data were stored. Those files contained names, dates of birth, Social Security numbers, driver’s license numbers, bank account numbers, and medical/health information. While the data breach was announced in December 2022, the hackers gained access to the network on January 26, 2022. Heartland Alliance reported the data breach to the HHS’ Office for Civil Rights as involving the protected health information of 46,694 individuals.

A lawsuit was filed against several Heartland entities – Wittmeyer et al. v. Heartland Alliance for Human Needs & Human Rights, Heartland Alliance Health, Heartland Alliance International, LLC, Heartland Housing, Inc., and Heartland Human Care Services, Inc. – in the Circuit Court for Lake County, Illinois, County Department, Chancery Division. The plaintiffs alleged that the defendants were negligent in failing to implement reasonable security measures as required by HIPAA, the FTC Act, and the Illinois Consumer Fraud and Deceptive Business Practices Act.

The lawsuit also asserted claims of negligence per se, related to the lack of encryption or equivalent safeguards as required by HIPAA, breach of contract, breach of implied contract, and a violation of the Illinois Consumer Fraud and Deceptive Business Practices Act. The defendants deny all claims and contentions in the litigation and maintain there was no wrongdoing; however, a settlement was agreed after considering the costs, expenses, distraction, and risks associated with continuing with the litigation.

Under the terms of the settlement, class members may claim compensation for documented, unreimbursed losses of up to $6,000. That includes up to $1,000 for ordinary losses and up to $5,000 for extraordinary losses due to identity theft and fraud. Claims may also be submitted for up to three hours of lost time at $22.50 per hour as compensation for time spent resolving issues related to the data breach. The settlement also includes two years of three-bureau credit monitoring services, which include a $1 million identity theft insurance policy.

The settlement has received preliminary approval from the court, and the final approval hearing has been scheduled for November 19, 2025. Individuals wishing to object to or exclude themselves from the settlement must do so by September 30, 2025, and claims for compensation, lost time, and credit monitoring services must be submitted by October 30, 2025. Further information can be found on the settlement website: https://heartlanddatasettlement.com/

The post Heartland Alliance Agrees to Data Breach Settlement appeared first on The HIPAA Journal.

Cencora & The Lash Group Settle Data Breach Litigation for $40 Million

Cencora & The Lash Group have agreed to pay $40 million to settle class action data breach litigation over a February 2024 data breach that affected more than 1.43 million individuals.

Cencora, Inc., formerly AmerisourceBergen, is an American pharmaceutical wholesaler and contract research organization, and The Lash Group is a pharmaceutical solutions organization. Cencora disclosed the data breach in a February 2024 filing with the U.S. Securities and Exchange Commission (SEC), stating that on February 21, 2024, the company learned that data had been exfiltrated from its information systems.

On July 31, 2024, an updated SEC filing confirmed that more data had been stolen than initially thought. At least 27 pharmaceutical companies were affected, and the stolen personal and protected health information included names, addresses, dates of birth, Social Security Numbers, health and insurance information, financial information, transactional information, consumer profile information, racial/ethnic identity, political opinions, sexual orientation/identity, criminal history, IP addresses, other electronic identifiers, biometric information, genetic information, trade union membership information, and driver’s license and passport information.

Since the breach has been reported separately by several different entities, the total number of affected individuals is not known. TechCrunch tracked breach reports submitted to state Attorneys General and reports that at least 1.43 million individuals have been notified that their data was compromised in the February security incident. Only a few states publish breach report data that includes the number of affected individuals, so the total is likely to be significantly higher than 1.43 million.

Several class action lawsuits were filed against Cencora, The Lash Group, and the affected pharmaceutical firms (see the list below). The lawsuits were consolidated in a single action – Anaya et al. v. Cencora, Inc., et al. – in the U.S. District Court for the Eastern District of Pennsylvania. The defendants were alleged to have been negligent by failing to implement reasonable and appropriate safeguards to protect sensitive data, and as a result of that negligence, sensitive data was stolen.

The defendants chose to settle the lawsuit with no admission of wrongdoing or liability and will establish a $40 million settlement fund to cover attorneys’ fees (up to $13,333,333.33), attorneys’ expenses (up to $300,000), service awards to the 28 class representatives (total $42,000), and settlement administration costs (yet to be determined).

The remainder of the settlement fund will be used to pay benefits to class members. Class members may choose to submit a claim for reimbursement of documented, unreimbursed out-of-pocket losses fairly traceable to the data breach, which were incurred on or after September 1, 2023. Claims have been capped at $5,000 per class member, and the total loss payments are capped at $5,000,000. If that total is exceeded, claims will be paid pro rata. Alternatively, class members may claim a cash fund payment, the value of which will depend on the number of valid claims received.

The dates for exclusion from and objection to the settlement will be 150 days from the date the settlement receives preliminary approval from the court. The deadline for submitting a claim will be 180 days from the date of preliminary approval, and the final approval hearing will be scheduled for 230 days after the preliminary approval date. Claims will be paid between 306 and 311 days after the preliminary approval date. Further information can be found on the settlement website, which is not yet live – cencoraincidentsettlement.com

August 2, 2024: Cencora: Additional Data Exfiltrated in February 2024 Cyberattack

On July 31, 2024, in an updated filing with the Securities and Exchange Commission (SEC), the pharmaceutical firm Cencora explained that more data was exfiltrated from its network in its February 2024 cyberattack than was initially thought, including personally identifiable information (PII) and protected health information (PHI). The majority of the additional data was maintained by one of its subsidiaries that provides patient support services.

The review of the exfiltrated data is still ongoing, and notifications will be issued to the affected individuals in due course. Cencora did not state how many individuals have been affected, the name of the subsidiary company, or the types of data that were compromised in the incident.

Three HIPAA breach reports have previously been filed with the HHS Office for Civil Rights as a result of the Cencora cyberattack, two by AmerisourceBergen Specialty Group which affected 252,214 individuals and 3,102 individuals, and one by The Lash Group, which affected 15,196 individuals. Many of the affected companies have also filed breach reports with state attorneys general, as detailed in previous reporting by the HIPAA Journal (see below).

While data has been stolen, Cencora is unaware of any actual or attempted misuse of the affected data and does not believe any of the stolen data has been published online. Cencora believes the incident has been contained; however, the remediation efforts and file review are ongoing. Cencora has engaged cybersecurity experts to assist with reinforcing cybersecurity measures and strengthening cyber threat monitoring.

May 27, 2024: 2 Dozen Pharmaceutical Companies Affected by Cencora Cyberattack

Cencora, Inc. (formerly AmerisourceBergen), and its Lash Group affiliate have been affected by a cyberattack. Cencora announced the attack in a February 2024 filing with the Securities and Exchange Commission (SEC); however, at that point, the extent of the data breach had yet to be determined, although Cencora did confirm in the SEC filing that data was exfiltrated in the attack.

Cencora is a Conshohocken, PA-based company that partners with pharmaceutical firms, healthcare providers, and pharmacies and offers drug distribution, patient support and services, business analytics and technology, and other services. Around 20% of pharmaceutical products sold and distributed in the United States are handled by Cencora.

Last week, clients of Cencora and The Lash Group started notifying state Attorneys General about the data breach. The total number of affected clients has not yet been confirmed, but the breach is known to have affected at least 27 pharmaceutical and biotechnology companies and involved the theft of the personal data of hundreds of thousands of individuals. Based on the notifications sent to state Attorneys General so far, the following pharmaceutical and biotechnology companies have been affected:

  • Abbott
  • AbbVie Inc.
  • Acadia Pharmaceuticals Inc.
  • Acrotech Biopharma Inc.
  • Amgen Inc.
  • Bausch Health Companies Inc.
  • Bayer Corporation
  • Bristol Myers Squibb Company and Bristol Myers Squibb Patient Assistance Foundation
  • CareDx, Inc.
  • Dendreon Pharmaceuticals LLC
  • Endo Pharmaceuticals Inc.
  • Genentech, Inc.
  • GlaxoSmithKline Group of Companies and the GlaxoSmithKline Patient Access Programs Foundation
  • Heron Therapeutics, Inc.
  • Incyte Corporation
  • Johnson & Johnson Services, Inc. & Johnson & Johnson Patient Assistance Foundation, Inc.
  • Marathon Pharmaceuticals, LLC/PTC Therapeutics, Inc.
  • Novartis Pharmaceuticals Corporation
  • Otsuka America Pharmaceutical, Inc.
  • Pfizer Inc.
  • Pharming Healthcare, Inc.
  • Rayner Surgical Inc.
  • Regeneron Pharmaceuticals, Inc.
  • Sandoz Inc.
  • Sumitomo Pharma America, Inc. / Sunovion Pharmaceuticals Inc.
  • Takeda Pharmaceuticals U.S.A., Inc.
  • Tolmar

While state Attorneys General often publish notices of data breaches, they do not always state how many individuals have been affected, so the scale of the breach is unknown at this stage. Cencora detected the cyberattack on February 21, 2024, and took immediate action to contain the attack and prevent further unauthorized access. The forensic investigation confirmed that a threat actor had exfiltrated data from its systems, including patient data provided by its clients for its patient support programs. AmerisourceBergen Specialty Group (ABSG), a unit of Cencora, said the breach involved data from a prescription supply program run by the now-defunct subsidiary, Medical Initiatives Inc. AmerisourceBergen Specialty Group has filed two separate breach reports with the Office for Civil Rights affecting 252,214 and 3,102 patients. The Lash Group has reported the breach to OCR separately as affecting 15,003 individuals.

On April 10, 2024, Cencora confirmed that the stolen data included first names, last names, addresses, dates of birth, health diagnoses, and/or medications and prescriptions. Cencora’s investigation found no connection with other major healthcare cyberattacks such as the attacks on Change Healthcare and Ascension, and at the time of issuing notifications, Cencora and The Lash Group said they were unaware of any actual or attempted misuse of the stolen data and had not detected any public disclosure of the stolen data. While data misuse has not been identified, the affected individuals have been offered 24 months of credit monitoring and identity theft remediation services at no cost. Steps have also been taken to harden defenses to prevent similar security breaches in the future. At the time of publication, no cybercriminal group appears to have claimed responsibility for the attack.

The post Cencora & The Lash Group Settle Data Breach Litigation for $40 Million appeared first on The HIPAA Journal.

Family Health Center; NorthCare Settle Data Breach Lawsuits

Settlements have received preliminary approval from the courts to resolve class action data breach litigation against Family Health Center in Michigan and NorthCare in Oklahoma.

Family Health Center Class Action Data Breach Settlement

Family Health Center, a Michigan healthcare provider with three locations in Kalamazoo, has agreed to settle class action data breach litigation stemming from a January 25, 2024, cyberattack that exposed the personal and protected health information of up to 34,926 individuals. The ransomware attack prevented access to certain systems, and the forensic investigation confirmed unauthorized access to names, addresses, health insurance information, Social Security numbers, and medical information. The affected individuals were notified about the data breach on March 24, 2024.

Two lawsuits were filed in response to the data breach – Donald Vickery, et al. v. Family Health Center, Inc., and Janet Walker v. Family Health Center, Inc. – in the Ninth Judicial Circuit in and for Kalamazoo County, Michigan. The two lawsuits had overlapping claims and were consolidated on October 16, 2024. The consolidated lawsuit alleged negligence, negligence per se, breach of implied contract, unjust enrichment, breach of fiduciary duty, invasion of privacy, and violations of the Michigan Data Breach Notification Act and the Michigan Consumer Protection Act.

The parties mediated on January 15, 2025, and reached an agreement in principle to settle the litigation, with no admission of wrongdoing or liability. All parties agreed to the settlement to avoid the costs, distraction, burden, and disruption to business operations associated with further litigation. Under the terms of the settlement, the defendants will establish a settlement fund of up to $850,000 to cover attorneys’ fees (up to $283,305), attorneys’ expenses (yet to be determined), service awards to the class representatives ($1,500 for each of the six named plaintiffs), settlement administration costs (up to $75,000), credit monitoring costs (yet to be determined), and payments to class members.

Class members may claim one of two cash payments. Cash Payment A can be claimed as reimbursement for documented, unreimbursed out-of-pocket losses incurred as a result of the data breach up to a maximum of $5,000 per class member. Alternatively, a claim can be submitted for Cash Payment B, which is a flat cash payment of $50.00. In addition to either of the cash payments, class members may claim two years of credit monitoring, dark web monitoring, and managed identity recovery services, which include a $1 million identity theft insurance policy.

The settlement has received preliminary approval from the court, and the final fairness hearing has been scheduled for October 17, 2025. Class members wishing to object to or exclude themselves from the settlement must do so by September 8, 2025, and claims must be submitted by October 8, 2025. Further information is available on the settlement website: https://www.fhcdatasettlement.com/

NorthCare Class Action Data Breach Settlement

NorthCare, an Oklahoma City-based mental health clinic, has agreed to settle a class action lawsuit stemming from a June 1, 2021, ransomware attack that involved unauthorized access to the protected health information of up to 128,556 individuals. A ransomware group first gained access to its network on or around May 29, 2021, and potentially viewed or obtained information such as names, addresses, dates of birth, medical diagnoses, and Social Security numbers.

A lawsuit – Ana Chavez Maendele, et al. v. North Oklahoma County Mental Health Center, d/b/a NorthCare – was filed in the District Court of Oklahoma County, Oklahoma, alleging NorthCare was negligent by failing to implement reasonable and appropriate safeguards to prevent unauthorized access to its network. NorthCare maintains there was no wrongdoing and no liability, and said it was prepared to vigorously defend the lawsuit; however, a settlement has been agreed to avoid the burden, expense, risk, and uncertainty of continuing to litigate.

Under the terms of the settlement, NorthCare has agreed to provide benefits to class members. Claims may be submitted for reimbursement of documented, unreimbursed out-of-pocket expenses and financial losses fairly traceable to the data breach up to a maximum of $2,000 per class member. In addition, a claim may be submitted for reimbursement of time spent remedying the effects of the data breach up to a maximum of $100 (five hours at $20 per hour).

Alternatively, a cash payment of $125 can be claimed by individuals who do not claim reimbursement of losses and/or reimbursement of lost time. All class members can claim three years of single-bureau credit monitoring services. Claims and cash payments will be paid after all costs and expenses have been deducted from the settlement fund. Attorneys’ fees will be up to $250,000, and class representative awards will be $2,000 per named plaintiff.

The deadline for exclusion from and objection to the settlement is September 12, 2025. Claims must be submitted by October 11, 2025, and the final fairness hearing has been scheduled for December 15, 2025.

The post Family Health Center; NorthCare Settle Data Breach Lawsuits appeared first on The HIPAA Journal.

Boston Children’s Health Physicians Pays $5.15M to Settle Data Breach Lawsuit

Valhalla, NY-based Boston Children’s Health Physicians (BCHP) and ATSG Inc. have agreed to pay $5,150,000 to settle a class action lawsuit stemming from a September 2024 cyberattack and data breach that affected approximately 918,000 individuals.

BCHP is a multi-specialty pediatric group serving newborns and children in New York and Connecticut. On September 6, 2024, BCHP learned that a hacking group had gained access to the systems of its managed services provider (ATSG Inc., now XTIUM Inc.), and on September 10, 2024, the hacking group abused the IT vendor’s access to breach BCHP’s own systems.

The BianLian hacking group claimed responsibility for the attack and gained access to names, Social Security numbers, addresses, dates of birth, driver’s license numbers, medical record numbers, health insurance information, billing information, and limited treatment information. The breach was reported to the HHS as involving the protected health information of 909,469 patients, and employee data was also compromised, with approximately 918,000 individuals in total affected by the breach.

Five lawsuits were filed in response to the data breach, which were consolidated into a single lawsuit – Noni Wahab, et al. v. Boston Children’s Health Physicians, LLP and ATSG Inc. – in the Supreme Court of the State of New York, County of Westchester. The consolidated class action complaint alleged negligence, negligence per se, breach of implied contract, breach of third-party beneficiary contract, unjust enrichment, and a violation of New York General Business Law.

The defendants maintain there was no wrongdoing and no liability; however, they chose to settle the lawsuit to avoid the litigation costs, expenses, distractions, burden, and disruption to business operations associated with continuing with the litigation. Under the terms of the settlement, the defendants will establish a $5,150,000 settlement fund to cover attorneys’ fees (up to $1,716,667), attorneys’ expenses (yet to be determined), service awards to the class representatives ($2,500 for each of the named plaintiffs), credit monitoring costs (yet to be determined), settlement administration costs (yet to be determined), and payments to class members.

Two cash payments are available. Class members may submit a claim for reimbursement of documented, unreimbursed losses fairly traceable to the data breach up to a maximum of $5,000 per class member. Alternatively, class members may choose to receive a pro rata cash payment, which will be paid after all costs and claims have been paid. The cash payment is expected to be $100, but may be increased or decreased depending on the number of claims received.

In addition to a cash payment, class members may claim two years of Cyex Medical Shield Medical Data Monitoring, which includes medical identity monitoring, real-time alerts, and a $1 million identity theft insurance policy. The settlement has received preliminary approval from the court, and the final fairness hearing has been scheduled for December 10, 2025. Class members wishing to object to or exclude themselves from the settlement must do so by November 10, 2025, and claims must be submitted by November 25, 2025. Further information is available on the settlement website: https://bchpsettlement.com/

The post Boston Children’s Health Physicians Pays $5.15M to Settle Data Breach Lawsuit appeared first on The HIPAA Journal.

Medical and Dental Groups Settle Class Action Data Breach Lawsuits

Dental Group of Amarillo in Texas and Heart South Cardiovascular Group in Alabama have settled class action lawsuits to resolve claims related to hacking incidents and data breaches. The dental group has agreed to pay $1 million, and the cardiovascular group will pay $500,000 to cover fees, expenses, and claims from the class members.

Dental Group of Amarillo Data Breach Settlement

Dental Group of Amarillo, a network of six dental and orthodontic facilities in Amarillo, Dumas, and Canyon in Texas, has agreed to pay $1,000,000 to settle a class action lawsuit filed in response to a 2023 cyberattack and data breach.

A hacking group accessed its network between October 3, 2023, and October 19, 2023, and on January 9, 2024, Dental Group of Amarillo confirmed that patient names, contact information, Social Security numbers, driver’s license numbers, health insurance information, and medical information (including x-rays, medical histories, and dates of service) were exposed and potentially stolen. The data breach was reported to the HHS’ Office for Civil Rights as involving the protected health information of 3,821 patients.

A lawsuit was filed in response to the breach – Barham v. Dental Group of Amarillo, LLP – in the District Court for the 251st Judicial District, Potter County, Texas, alleging negligence for failing to safeguard personally identifiable information (PII) and protected health information (PHI). The lawsuit also alleged the response to the incident was inadequate, as it took until January 9, 2024, to confirm the data breach, and the HHS was not notified until March 6, 2024 – 60 days after the breach was confirmed, and 132 days after the cyberattack was first discovered. Individual notification letters were mailed on May 9, 2024, 196 days after the cyberattack was first identified. The delay was alleged to be a violation of Tex. Bus. & Com. Code Ann. § 521.053 and HIPAA.

In addition to negligence, the lawsuit asserted claims of negligence per se (violations of the Texas Identity Theft Enforcement and Protection Act, FTC Act, and HIPAA), breach of fiduciary duty, unjust enrichment, and breach of implied contract. Dental Group of Amarillo maintains there was no wrongdoing, but agreed to a settlement to avoid the costs, risks, disruptions, and uncertainties associated with continuing the litigation. Legal counsel and the lead plaintiffs determined the settlement was best for class members for similar reasons.

Under the terms of the settlement, Dental Group of Amarillo has agreed to establish a $1,000,000 settlement fund to cover attorneys’ fees (up to $333,333), attorneys’ expenses (yet to be determined), service awards to the class representatives ($2,500 each), settlement administration costs (yet to be determined), credit monitoring services, and payments to class members.

There are two potential cash payments on offer. Class members may submit a claim for up to $5,000 for reimbursement of documented, unreimbursed monetary losses or, alternatively, may choose a cash payment, which is expected to be approximately $125 per class member. The cash payments will be paid pro rata and could be higher or lower depending on the number of valid claims received.

In addition to a cash payment, class members may claim three years of three-bureau credit monitoring services, which include dark web monitoring, medical identity monitoring, public record monitoring services, and an identity theft insurance policy. The deadline for opting out of or objecting to the settlement is September 29, 2025, the claim submission deadline is October 13, 2025, and the final approval hearing has been scheduled for October 27, 2025. Further information is available on the settlement website: https://www.dgadatasettlement.com/

Heart South Cardiovascular Group Data Breach Settlement

Heart South Cardiovascular Group, a provider of cardiac and vascular care at three locations in Clanton, Alabaster, and Centreville in central Alabama, has agreed to settle litigation stemming from a May 2024 data breach that affected 20,577 patients. Heart South Cardiovascular Group identified the cyberattack on May 30, 2024, and the forensic investigation confirmed unauthorized access to its network between May 29, 2024, and May 30, 2024. The hackers potentially obtained names, addresses, birth dates, driver’s license numbers, Social Security numbers, diagnoses, lab results, medications, and other treatment information.

Several lawsuits were filed in response to the data breach, which were consolidated into a single lawsuit – Kornegay et al. v. Heart South Cardiovascular Group, P.C. – in the Circuit Court of Bibb County, Alabama. The lawsuit asserted several claims: negligence for failing to implement appropriate safeguards to prevent unauthorized access to sensitive patient data, negligence per se, wantonness, breach of an express or implied contract, and unjust enrichment.

Heart South Cardiovascular Group denied all claims and contentions in the litigation and maintains there was no wrongdoing. The decision was taken to settle the lawsuit to avoid the costs, disruptions, and uncertainties associated with continuing the litigation. Under the terms of the settlement, Heart South Cardiovascular Group has agreed to establish a $500,000 settlement fund to cover attorneys’ fees (up to $186,666.66), attorneys’ expenses (yet to be determined), service awards to the class representatives ($4,000 for each of the 5 named plaintiffs), settlement administration costs (yet to be determined), credit monitoring services, and payments to class members.

Class members may submit a claim for reimbursement of documented, unreimbursed out-of-pocket losses incurred on or after May 29, 2024, that are fairly traceable to the data breach, up to a maximum of $5,000 per class member. All class members may submit a claim for two years of Medical Shield Complete services, which include credit monitoring, dark web monitoring, real-time inquiry alerts, and a $1 million identity theft insurance policy. All class members may also submit a claim for a cash payment, which will be paid pro rata after fees, expenses, and claims have been paid, and is expected to be around $50.

The deadline for objecting to and opting out of the settlement is September 9, 2025, and the deadline for submitting a claim is October 9, 2025. A date has yet to be set for the final fairness hearing.

The post Medical and Dental Groups Settle Class Action Data Breach Lawsuits appeared first on The HIPAA Journal.

HCA Healthcare Multi-Million Dollar Data Breach Settlement Approved

HCA Healthcare Inc. has agreed to settle class action litigation stemming from a July 2023 data breach that was reported to the HHS’ Office for Civil Rights as affecting 11,270,000 patients. The affected individuals had received healthcare services at HCA hospitals and doctors’ offices in 20 U.S. states.

HCA Healthcare was targeted by hackers who accessed and stole data from an external storage location, which was used to automate the formatting of email messages. A database was stolen that contained 27.7 million records. The hackers listed the database for sale when the ransom was not paid. Data compromised in the incident included names, contact information, dates of birth, and appointment information.

HCA Healthcare announced the data breach on or around July 10, 2023, and the first class action lawsuit was filed within a couple of days of the announcement. In total, 27 putative class action lawsuits were filed against HCA Healthcare in response to the data breach, alleging negligence for inadequate cybersecurity practices and for failing to properly safeguard patient data. The lawsuits were consolidated – In re HCA Healthcare, Inc. Data Security Litigation – in the U.S. District Court for the Middle District of Tennessee.

HCA Healthcare denies the claims and contentions in the lawsuit; however, it negotiated a settlement to resolve the litigation, with no admission of liability or wrongdoing. While the total settlement amount has not been disclosed, attorneys for the plaintiffs may claim up to $3.1 million in fees. Attorneys usually claim one-third of the total settlement amount, which suggests the total settlement fund is greater than $9 million. The fifteen class representatives will each be paid a service award of up to $5,000.

Claims from class members will be paid once attorneys’ fees, expenses, settlement administration costs, and service awards have been deducted from the settlement fund. Class members may claim a one-year membership to a credit monitoring, fraud consultation, and identity theft restoration service, which includes a $1 million identity theft insurance policy. Class members may also submit a claim for reimbursement of documented, unreimbursed losses fairly traceable to the data breach up to a maximum of $5,000 per class member. HCA Healthcare has also confirmed that it will adopt, implement, and maintain security commitments to prevent similar incidents for at least two years from the settlement date. Those commitments have been filed under seal.

The deadline for exclusion from and objection to the settlement is August 25, 2025. Claims must be submitted by September 25, 2025, and the final fairness hearing is scheduled for October 27, 2025.

The post HCA Healthcare Multi-Million Dollar Data Breach Settlement Approved appeared first on The HIPAA Journal.

HCA Healthcare Multi-Million Dollar Data Breach Settlement Approved

HCA Healthcare Inc. has agreed to settle class action litigation stemming from a July 2023 data breach that was reported to the HHS’ Office for Civil Rights as affecting 11,270,000 patients. The affected individuals had received healthcare services at HCA hospitals and doctors’ offices in 20 U.S. states.

HCA Healthcare was targeted by hackers who accessed and stole data from an external storage location, which was used to automate the formatting of email messages. A database was stolen that contained 27.7 million records. The hackers listed the database for sale when the ransom was not paid. Data compromised in the incident included names, contact information, dates of birth, and appointment information.

HCA Healthcare announced the data breach on or around July 10, 2023, and the first class action lawsuit was filed within a couple of days of the announcement. In total, 27 putative class action lawsuits were filed against HCA Healthcare in response to the data breach, alleging negligence for inadequate cybersecurity practices and for failing to properly safeguard patient data. The lawsuits were consolidated – In re HCA Healthcare, Inc. Data Security Litigation – in the U.S. District Court for the Middle District of Tennessee.

HCA Healthcare denies the claims and contentions in the lawsuit; however, it negotiated a settlement to resolve the litigation, with no admission of liability or wrongdoing. While the total settlement amount has not been disclosed, attorneys for the plaintiffs may claim up to $3.1 million in fees. Attorneys usually claim one-third of the total settlement amount, which suggests the total settlement fund is greater than $9 million. The fifteen class representatives will each be paid a service award of up to $5,000.

Claims from class members will be paid once attorneys’ fees, expenses, settlement administration costs, and service awards have been deducted from the settlement fund. Class members may claim a one-year membership to a credit monitoring, fraud consultation, and identity theft restoration service, which includes a $1 million identity theft insurance policy. Class members may also submit a claim for reimbursement of documented, unreimbursed losses fairly traceable to the data breach up to a maximum of $5,000 per class member. HCA Healthcare has also confirmed that it will adopt, implement, and maintain security commitments to prevent similar incidents for at least two years from the settlement date. Those commitments have been filed under seal.

The deadline for exclusion from and objection to the settlement is August 25, 2025. Claims must be submitted by September 25, 2025, and the final fairness hearing is scheduled for October 27, 2025.

The post HCA Healthcare Multi-Million Dollar Data Breach Settlement Approved appeared first on The HIPAA Journal.

Healthcare Organizations Settle Website Tracking Class Action Lawsuits

Settlements have been reached with two healthcare entities to resolve allegations that they used pixels and other tracking tools on their websites, which disclosed sensitive data to third parties without the knowledge or consent of website users.

Tracking tools such as Meta Pixel and Google Analytics code are embedded in web pages to record user behavior: the pages visited, actions taken on those pages (such as clicks and form submissions), time spent on the site, and similar information. The tools transmit that information to the third party together with identifiers that can tie it to an individual, such as the tracking cookie the vendor set on the user’s browser, the user’s IP address and, for a user logged in to a Meta account, an identifier for that account. Website owners use the data to improve their websites, and the vendors use it for advertising. For instance, a user who visited a page about stopping smoking could later be targeted with adverts for smoking cessation products on other websites. On a healthcare provider’s site, the page visited, the appointment booked, or the condition searched for can itself be health information, which is why these disclosures are litigated as privacy violations.
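The check a security or compliance team would want here is an inventory of which pages carry these tags and what each tag is told. The Python script below is an added example for this page, not code from The HIPAA Journal or from any organisation named in these settlements. It parses a page, flags scripts, pixels, inline calls and event handlers that go to Meta or Google endpoints, and notes whether the page URL, which the trackers send with each event, itself reveals something such as an appointment type. The sample page, its URL, the tracker host list and the sensitive-path list are constructed assumptions.

```python
"""Audit an HTML page for third-party tracking tags and report what they see.
Added example, not code from the article or any organisation it names; the
sample page, URL and tracker-host list below are constructed assumptions."""
import re
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlparse

# Tracker endpoints -> vendor. Illustrative subset, not a complete inventory.
TRACKER_HOSTS = {
    "connect.facebook.net": "Meta Pixel",
    "www.facebook.com": "Meta Pixel",
    "www.googletagmanager.com": "Google Analytics",
    "www.google-analytics.com": "Google Analytics",
}
VENDOR_FOR_CALL = {"fbq": "Meta Pixel", "gtag": "Google Analytics"}
# Matches event-emitting calls such as fbq('track', 'Schedule') or gtag('config', 'G-...').
TRACKING_CALL = re.compile(
    r"\b(fbq|gtag)\s*\(\s*['\"](\w+)['\"]\s*,\s*['\"]([^'\"]+)['\"]")
# URL path fragments where the visit itself reveals health information (assumed list).
SENSITIVE_PATH_HINTS = ("appointment", "schedule", "medical-record", "patient", "portal")


class TrackerScanner(HTMLParser):
    """Collects tracker loads, inline tracking calls, event handlers and the title."""

    def __init__(self):
        super().__init__()
        self.title, self.findings = "", []
        self._collecting, self._buf = None, []   # "script", "title" or None

    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        if tag in ("script", "title"):
            self._collecting, self._buf = tag, []
        if tag in ("script", "img", "iframe") and attr.get("src"):
            self._check_src(tag, attr["src"])
        for name, value in attrs:            # handlers such as <form onsubmit="fbq(...)">
            if name.startswith("on") and value:
                self._scan_js(value, f"{tag}@{name}")

    def handle_data(self, data):
        if self._collecting:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag != self._collecting:
            return
        body = "".join(self._buf)
        if tag == "title":
            self.title = body.strip()
        else:
            self._scan_js(body, "inline <script>")
        self._collecting = None

    def _check_src(self, tag, src):
        url = urlparse(src)
        vendor = TRACKER_HOSTS.get(url.hostname or "")   # relative src is first party
        if vendor is None:
            return
        detail = url.path
        event = parse_qs(url.query).get("ev")            # Meta <noscript> pixel: ev=PageView
        if event:
            detail += f" ev={event[0]}"
        self.findings.append({"kind": tag, "vendor": vendor, "host": url.hostname,
                              "detail": detail})

    def _scan_js(self, js, where):
        for host, vendor in TRACKER_HOSTS.items():        # loader snippets embed the host
            if host in js:
                self.findings.append({"kind": "loader", "vendor": vendor, "host": host,
                                      "detail": where})
        for fn, action, arg in TRACKING_CALL.findall(js):
            self.findings.append({"kind": "call", "vendor": VENDOR_FOR_CALL[fn],
                                  "detail": f"{fn}('{action}', '{arg}')", "where": where})


def page_is_sensitive(page_url):
    path = urlparse(page_url).path.lower()
    return any(hint in path for hint in SENSITIVE_PATH_HINTS)


def scan_html(html, page_url):
    """Report trackers on the page and whether the page URL, which every
    tracker event carries, itself reveals health information."""
    scanner = TrackerScanner()
    scanner.feed(html)
    scanner.close()
    return {"page_url": page_url, "title": scanner.title,
            "sensitive_page": page_is_sensitive(page_url),
            "vendors": sorted({f["vendor"] for f in scanner.findings}),
            "findings": scanner.findings}


# Constructed sample: a booking page with the Meta Pixel, a gtag.js snippet and a
# first-party script that must not be flagged.
SAMPLE_URL = "https://clinic.example/appointments/book?dept=smoking-cessation"
SAMPLE_PAGE = """<!doctype html><html><head>
<title>Book an Appointment - Smoking Cessation Clinic</title>
<script async src="https://www.googletagmanager.com/gtag/js?id=G-EXAMPLE1"></script>
<script>window.dataLayer = window.dataLayer || [];
  function gtag(){dataLayer.push(arguments);}
  gtag('js', new Date()); gtag('config', 'G-EXAMPLE1');</script>
<script>!function(f,b,e,v){/* Meta Pixel loader, abbreviated */}(window, document,
  'script', 'https://connect.facebook.net/en_US/fbevents.js');
  fbq('init', '000000000000000'); fbq('track', 'PageView');</script>
<script src="/static/app.js"></script></head><body>
<noscript><img height="1" width="1" style="display:none"
  src="https://www.facebook.com/tr?id=000000000000000&amp;ev=PageView&amp;noscript=1"/></noscript>
<form action="/appointments/book" method="post" onsubmit="fbq('track', 'Schedule');">
  <button type="submit">Book</button></form></body></html>"""

if __name__ == "__main__":
    import json
    print(json.dumps(scan_html(SAMPLE_PAGE, SAMPLE_URL), indent=2))
```

Running the script prints the report for the constructed page: two vendors, seven findings (including the `fbq('track', 'Schedule')` fired when the booking form is submitted) and `sensitive_page: true` because the path contains "appointments". Static scanning only sees what the server sends; tags that a tag manager injects at runtime, and anything fired on authenticated pages such as a patient-record section, need a browser-based check of the actual network requests made while logged in.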

Aspen Dental Management Settlement – $18.5 Million

Aspen Dental Management, a Chicago, IL-based dental support organization serving approximately 1,100 Aspen Dental offices across the United States, was sued over its use of tracking tools that transmitted web user data to Meta (Facebook) and Google without users’ knowledge or consent between 2022 and 2025.

Several lawsuits were filed in response to the impermissible disclosures, which were consolidated into a single complaint, Donnelly, et al. v. Aspen Dental Management, Inc., in the United States District Court for the Northern District of Illinois. The lawsuit alleged negligence and violations of the Electronic Communications Privacy Act, Florida Security of Communications Act, California Invasion of Privacy Act, California Confidentiality of Medical Information Act, and the Pennsylvania Wiretap Act.

Aspen Dental Management maintains there was no wrongdoing and denies all of the claims and contentions in the lawsuit; however, the decision was made to settle the lawsuit as the litigation was likely to be protracted and expensive, with an uncertain outcome. Class counsel and the class representatives believe the settlement is in the best interests of the class members.

Under the terms of the settlement, Aspen Dental Management will establish settlement funds totaling approximately $18.5 million to cover attorneys’ fees, expenses, settlement administration costs, class representative awards, and claims from class members. There are two subclasses in the settlement. Group 1 consists of individuals who booked an appointment via the website between February 20, 2022, and June 1, 2023, and Group 2 consists of individuals who booked an appointment on the website between June 2, 2023, and January 1, 2025.

There are approximately 621,370 individuals in Group 1 and 1,625,000 individuals in Group 2. Aspen Dental Management will establish a fund of $2,796,169.50 for Group 1 and a fund of $15,673,220 for Group 2. Class members in Group 1 will receive a pro rata cash payment once attorneys’ fees, expenses, service awards, and settlement administration costs have been deducted from the settlement fund. Class members in Group 2 will receive a cash payment of $15, subject to a pro rata reduction depending on the number of claims received.

The deadline for opting out of the settlement and for submitting a claim is September 15, 2025. The settlement has received preliminary approval from the court, and the final fairness hearing is scheduled for October 20, 2025.

Southern Mono Healthcare District (Mammoth Hospital)

Southern Mono Healthcare District, doing business as Mammoth Hospital, was also sued over the use of pixels on its website. The lawsuit, Doe v. Southern Mono Healthcare District, was filed on August 9, 2023, in Mono County, California, survived a motion to dismiss, and was moved to the Superior Court of California, Mono County. The lawsuit claimed that the use of the tracking tools violated California privacy laws.

The defendant maintains there is no liability and no wrongdoing, but chose to settle the lawsuit to avoid the costs and risks of trial. The settlement covers Mammoth Hospital patients who used the Mammoth Web Properties to access the “Your Medical Record” section of the website (mammothhospital.org) between August 9, 2022, and August 9, 2023.

Class members can claim two benefits. All class members may claim a 12-month membership to CyEx Privacy Shield Pro, which includes dark web monitoring for personal information, plus a one-time cash payment of $20. The deadline for opting out and objecting to the settlement is September 15, 2025, and the deadline for submitting a claim is October 14, 2025. The settlement has received preliminary approval from the court, and the final fairness hearing has been scheduled for November 6, 2025.

There has been a flurry of settlements in recent weeks to resolve pixel-related lawsuits against healthcare providers, including MarinHealth, University of Rochester Medical Center, BJC Healthcare, Henry Ford Health, and Eisenhower Health.

The post Healthcare Organizations Settle Website Tracking Class Action Lawsuits appeared first on The HIPAA Journal.

Bone & Joint Clinic Settles Ransomware Class Action Lawsuit for $575,000

Bone & Joint Clinic S.C. has agreed to pay $575,000 to settle a class action lawsuit stemming from a January 2025 security incident that affected 105,094 current and former patients and employees.

Bone & Joint is an orthopedic and pain management practice in north-central Wisconsin. On January 16, 2025, it identified a security incident that caused network disruption. An unauthorized third party had accessed its network, deployed ransomware to encrypt files, and may have obtained protected health information such as names, contact information, dates of birth, Social Security numbers, health insurance information, diagnoses, treatment information, and other sensitive data.

Lawsuits were filed by four Bone & Joint Clinic patients and consolidated into a single complaint – Keith Tesky, et al. v. Bone & Joint Clinic, S.C. – in the U.S. District Court for the Western District of Wisconsin. The lawsuits claimed that the practice failed to implement reasonable and appropriate safeguards to protect sensitive employee and patient data. The consolidated lawsuit asserted claims of negligence, negligence per se, breach of fiduciary duty, breach of implied contract, invasion of privacy, unjust enrichment, unfair and deceptive business practices, and a violation of the Wisconsin law that prohibits the unauthorized release of healthcare information.

Bone & Joint Clinic denies any wrongdoing and maintains there is no liability; however, a settlement was agreed to avoid the burden and expense of litigation. Under the terms of the settlement, class members may submit a claim for reimbursement of documented, unreimbursed out-of-pocket losses fairly traceable to the data breach up to a maximum of $5,000 per class member.

Class members may also submit a claim for a pro rata cash payment, which is expected to be $75, but may be higher or lower depending on the number of valid claims received. The cash payments will be paid from the remainder of the settlement after attorneys’ fees (up to $191,475), attorneys’ expenses (up to $20,000), service awards (up to $2,000 for each of the four named plaintiffs), and settlement administration costs have been deducted.

The deadline for exclusion from and objection to the settlement is September 15, 2025. Claims must be submitted by October 15, 2025, and the final fairness hearing has been scheduled for January 7, 2026.

The post Bone & Joint Clinic Settles Ransomware Class Action Lawsuit for $575,000 appeared first on The HIPAA Journal.