Your doctor's office was hacked. You probably don't know. And there might be money waiting for you right now.

Healthcare organizations are the single most targeted industry for cyberattacks β€” not because hackers care about your blood pressure readings, but because your complete medical record sells for $250 on the dark web compared to less than $1 for a stolen credit card number. Your name, Social Security number, date of birth, health insurance details, and full medical history in one convenient file. For identity thieves, it's a gold mine.

When healthcare companies get hacked and expose your data, federal law (HIPAA) requires them to notify you. But here's what the notification letter doesn't tell you: you may be entitled to cash compensation through a class action settlement.

Why Medical Data Breaches Are Different

Credit card fraud is fixable β€” your bank cancels the card, issues a new one, and you're whole within days. Medical identity theft is a years-long nightmare. Thieves use your insurance information to get treatments, procedures, and prescriptions billed to your account. You discover it when a collections agency calls about a $12,000 hospital bill for surgery you never had, or when you're denied coverage because your record shows a condition you don't have.

This is why courts and legislatures take medical data breaches seriously β€” and why settlements in healthcare breach cases tend to be larger than typical consumer fraud cases. The harm is real, lasting, and hard to undo.

What Information Gets Exposed

Healthcare data breaches typically expose some combination of:

  • Full legal name and date of birth
  • Social Security number
  • Medical record numbers and patient IDs
  • Health insurance information (member ID, group number, payer)
  • Diagnosis and treatment information
  • Prescription history
  • Financial information used for billing
  • Driver's license numbers

Any one of these alone is valuable to criminals. A full set is extremely dangerous. The more sensitive the information exposed β€” particularly mental health, substance abuse, or HIV/AIDS records β€” the larger the potential settlement payment.

How Healthcare Data Breach Settlements Work

After a breach is discovered, affected individuals typically receive a notification letter. Class action attorneys then file suit on behalf of all affected patients. The healthcare company negotiates a settlement fund. You file a claim to get your share.

Most healthcare breach settlements offer two tiers:

  1. Flat base payment β€” A set amount just for being in the class. No documentation required. Usually $25–$100.
  2. Documented losses payment β€” Additional compensation for actual out-of-pocket expenses. This is where the big numbers come from β€” some settlements pay up to $7,500 for documented harm.

What counts as documented losses? Things like the cost of credit monitoring you purchased after the breach, time spent dealing with identity theft (calculated at a set hourly rate), bank fees from unauthorized transactions, and legal or professional fees related to the breach.

Open Healthcare Data Breach Settlements Right Now

NextGen Healthcare β€” $50 to $7,500

NextGen Healthcare is one of the largest electronic health records (EHR) providers in the country, serving thousands of medical practices. In early 2023, hackers used stolen credentials to access NextGen's database, exposing the personal information of approximately 1 million patients.

Who qualifies: Anyone who received a notification letter from NextGen Healthcare about the breach.
Base payment: $50 with no documentation required.
Maximum payment: Up to $7,500 with documented losses.
Deadline: March 30, 2026

File your NextGen Healthcare claim

Community First Medical Center β€” $40 to $5,000

Community First Medical Center, a Chicago-area hospital, experienced a cyberattack that compromised sensitive patient information including Social Security numbers, financial account information, and medical treatment records.

Who qualifies: Patients who received a breach notification from Community First Medical Center.
Base payment: $40 flat.
Maximum payment: Up to $5,000 for out-of-pocket losses.
Deadline: April 2, 2026

File your Community First Medical claim

ALN Medical Management β€” $50 to $5,000

ALN Medical Management provides billing and administrative support services to dozens of independent medical practices. Because they act as a clearinghouse for patient billing data, a breach at ALN affected patients across multiple healthcare providers β€” many of whom had no idea ALN even had their information.

Who qualifies: Anyone who received a notification letter about the ALN Medical Management breach.
Base payment: $50 with no documentation.
Maximum payment: Up to $5,000.
Deadline: April 3, 2026

File your ALN Medical Management claim

California Northstate University β€” $100 to $5,000

California Northstate University College of Medicine and its affiliated health system experienced a data security incident that exposed student and patient information including Social Security numbers and financial data.

Who qualifies: Students, employees, and patients who received a notification letter.
Base payment: $100 flat, no documentation required.
Maximum payment: Up to $5,000 for documented harm.
Deadline: April 6, 2026

File your California Northstate University claim

Capital Health Data Breach β€” $100 to $5,000

Capital Health, a regional healthcare system serving New Jersey and the surrounding area, experienced a ransomware attack that disrupted hospital operations and exposed patient data for over a million individuals.

Who qualifies: Current and former patients who received a breach notification from Capital Health.
Base payment: $100 flat.
Maximum payment: Up to $5,000.
Deadline: April 6, 2026

File your Capital Health claim

Granite Wellness Centers β€” $725,000 Fund

This case is notable because Granite Wellness Centers provides substance abuse and mental health treatment services β€” meaning the exposed records are among the most sensitive possible. Mental health and addiction treatment records carry special legal protections precisely because of the harm that can result from their disclosure.

Who qualifies: Patients who received a notification from Granite Wellness Centers.
Payout: Pro-rata share of $725,000 settlement fund.
Deadline: March 28, 2026 β€” This deadline is imminent.

File your Granite Wellness claim now

DataMaxx Applied Technologies β€” $50 to $2,500

DataMaxx provides technology services to healthcare organizations, including data management and billing support. Their breach affected patients of multiple healthcare providers across their client network.

Who qualifies: Anyone who received a DataMaxx breach notification.
Base payment: $50, no documentation needed.
Maximum payment: Up to $2,500 with documented losses.
Deadline: April 6, 2026

File your DataMaxx claim

How to Maximize Your Healthcare Breach Settlement Payout

The flat base payment is easy money β€” file the form, get the check. But if you've experienced any actual impact from the breach, documenting it can multiply your payout significantly. Here's what to gather:

  • Credit monitoring purchases: If you signed up for LifeLock, Experian, or any identity monitoring service after the breach, save those receipts. Most settlements reimburse up to $150/month.
  • Bank fees and charges: Any fees from accounts you had to close and reopen, fraudulent charges you had to dispute, or overdraft fees caused by unauthorized transactions.
  • Professional help: Did you pay a credit repair service, attorney, or financial advisor to help deal with the fallout? Document every payment.
  • Lost time: Most settlements allow you to claim your time spent dealing with the breach at $25/hour. Keep a log: time spent calling credit bureaus, placing fraud alerts, dealing with fraudulent accounts.
  • Out-of-pocket medical costs: If you had to switch providers, pay for duplicate tests, or incur costs because your insurance was compromised, those are recoverable.

How to Find Out If You Were in a Breach

Did you receive a notification letter? Check your email (including spam) for messages from "claims administrators" or breach notification services. Check physical mail too β€” many breach notices arrive by paper.

If you're not sure whether you were affected, use our settlement finder to see which healthcare breaches match your history of providers, or check the SettlementRadar blog for the latest coverage on open healthcare cases.

Don't wait β€” most of these deadlines are in the next two weeks. Browse all open healthcare settlements and file today.