A $2 million settlement has received preliminary approval from the court to resolve a class action lawsuit against Southwest Louisiana Hospital Association, which does business as Lake Charles Memorial Health, that stemmed from a 2022 data breach that affected 269,752 patients.

The Louisiana health system identified suspicious activity within its computer network on October 21, 2022, and it was later confirmed that an unauthorized third party had access to its network between October 20, 2022, and October 21, 2022. During that time, files were exfiltrated from the network, including names, addresses, dates of birth, medical record numbers, patient identification numbers, health insurance information, payment information, limited clinical information, and in some cases, Social Security numbers. The affected individuals were notified on December 23, 2025.

The first lawsuit stemming from the data breach was filed on January 5, 2023, in the Calcasieu Parish District Court in Louisiana. Further lawsuits were filed, which were consolidated into a single complaint as they were materially and substantively identical and had overlapping claims. The consolidated complaint – Salinas et al v. Southwest Louisiana Hospital Association dba Lake Charles Memorial Health System – alleged claims of negligence, breach of fiduciary duty, unjust enrichment, breach of express contract, breach of implied contract, invasion of privacy, and breach of confidence.

Lake Charles Memorial Health disagrees with the claims made in the action and maintains that there was no wrongdoing and is no liability. On the second attempt at mediation, an agreement was reached in principle to resolve the litigation. The class representatives believe the settlement is best for all class members due to the costs, risks, and uncertainty associated with trial, and the nature of the defenses raised by the defendant.

Under the terms of the settlement, all class members may claim two years of medical data monitoring and identity theft protection services. In addition, claims may be submitted for one of two benefits. A claim may be submitted for reimbursement of out-of-pocket expenses fairly traceable to the data breach up to a maximum of $5,000 per class member, which can include up to three hours of lost time at $25 per hour.

Alternatively, a claim may be submitted for a cash payment, which will be paid pro rata after attorneys’ fees (up to $666,600), legal expenses, settlement administration costs ($50,000), class representative awards (11 x $1,500), claims, and medical data monitoring and identity theft protection costs have been deducted.

The settlement has received preliminary approval from the court, and the final fairness hearing is scheduled for November 3, 2025. The deadline for opting out of the settlement is September 5, 2025, and claims must be submitted by September 5, 2025.

The post Lake Charles Memorial Health Agrees to $2 Million Data Breach Settlement appeared first on The HIPAA Journal.