How Healthcare Data Breach Settlements Work — And How to Claim Up to $10,000

If you have ever gotten a letter from a hospital, pharmacy, or insurance company saying your personal information was exposed in a data breach — there is almost certainly a class action settlement attached to it. Healthcare data breach settlements pay the highest per-person compensation of any class action category, with individual payouts ranging from $100 to $10,000 or more. Here is exactly how they work, how to claim yours, and which major settlements are still open right now.

Why Healthcare Breach Settlements Pay More Than Other Breaches

A retail data breach that exposes your email address might generate a $5 settlement payment per person. A healthcare data breach that exposes your Social Security number, medication history, and mental health records generates settlements of $500 to $10,000 per person. The difference comes down to three things.

HIPAA Creates Automatic Liability

The Health Insurance Portability and Accountability Act mandates specific cybersecurity standards for protected health information (PHI). When a hospital gets ransomwared, HIPAA violations are nearly automatic — and they give class action attorneys a powerful statutory framework to work with. Unlike general negligence claims (where you have to prove the company was unreasonably careless), HIPAA violations are strict liability in the class action context, making settlements faster and larger.

The Data Is More Sensitive

Healthcare records contain information that can cause direct, identifiable harm if misused. A medication history showing HIV treatment, psychiatric drugs, or addiction therapy can affect employment, insurance coverage, and personal relationships. Courts recognize this and have consistently been more willing to certify healthcare breach classes — which drives up settlement pressure and payout amounts.

Patient Records Are Precisely Organized

Hospitals and pharmacies keep meticulous patient records. Unlike some breach cases where defendants argue that identifying class members would be burdensome, healthcare entities can produce exact class lists from their existing patient databases. This streamlines administration and removes a major settlement obstacle.

The Three-Tier Payout Structure

Nearly every healthcare breach settlement uses the same three-tier structure. Knowing how it works lets you file for the highest tier you qualify for — most people default to Tier 1 and leave money on the table.

Tier 1: Flat Cash — No Documentation Required

Every eligible class member receives a flat cash payment just for qualifying. Typical amounts: $50 to $250. You simply attest that you received a breach notification from the defendant — no receipts, no medical records, no proof of harm required.

Most people file only Tier 1. It is the easiest path. But if you spent any time or money dealing with the breach, you should also file Tier 2.

Tier 2: Documented Losses — Up to $5,000

This tier covers real, documented out-of-pocket losses:

• Credit monitoring or identity theft protection services you paid for after receiving the breach notice
• Bank fees from unauthorized transactions
• Professional fees paid to an identity theft attorney or credit repair service
• Time spent dealing with fraud or identity theft (billed at a flat rate — typically $20/hour for up to 10 hours)

Documentation requirements are reasonable. For most expenses, a bank statement, credit card statement, or receipt is sufficient. You do not need to prove the breach caused the expense — you only need to show the expense occurred after the breach notification date.

Tier 3: Extraordinary Harm — Potentially Unlimited

If the breach directly contributed to full identity theft — fraudulent accounts opened in your name, tax return fraud, fraudulent loans — you can claim significantly more. These claims require more documentation (FTC identity theft reports, police reports, credit bureau fraud alerts) but have no strict cap at most settlements.

If you experienced serious identity theft, do not file Tier 1 and call it done. Take the time to document your losses — the difference in payout can be thousands of dollars.

Active Healthcare Breach Settlements You Can File Right Now

PharMerica Data Breach — Deadline: April 27, 2026

PharMerica is one of the largest institutional pharmacies in the U.S., dispensing medications to patients in hospitals, nursing homes, and long-term care facilities. A March 2023 ransomware attack exposed the records of approximately 5.8 million individuals — the largest healthcare data breach settlement currently open to claims.

What you can receive:

• Up to $175 for estimated time lost (no receipts needed)
• Up to $3,500 for documented out-of-pocket losses
• Additional payments for verified identity theft
• Three years of credit monitoring and identity theft insurance

The April 27 deadline is extremely close. If you received a PharMerica breach notification, file today.

→ File the PharMerica Claim — April 27, 2026

Granite Wellness Centers — Deadline: April 27, 2026

Granite Wellness Centers is a California addiction treatment network. Their 2021 data breach exposed patient records including substance use disorder treatment information — a category protected by 42 CFR Part 2, which provides stronger privacy protections than standard HIPAA.

Patients exposed by this breach have unusually strong grounds for Tier 2 and Tier 3 claims given the sensitivity of the data. The flat Tier 1 payment is $750 with no documentation. Documented claims can reach $5,100.

→ File the Granite Wellness Claim — April 27, 2026

McLaren Health Care — Deadline: April 29, 2026

McLaren Health Care operates 13 Michigan hospitals. Two separate ransomware attacks — in summer 2023 and summer 2024 — compromised the records of approximately 2.8 million patients. The combined $14 million settlement fund provides up to $5,000 for documented losses plus 24 months of Experian credit monitoring.

If you were a McLaren patient during 2023 or 2024 and received a breach notification, you have until April 29 to file.

→ File the McLaren Health Care Claim — April 29, 2026

Signature Performance — Deadline: May 7, 2026

Signature Performance handles revenue cycle management for multiple hospital systems, including Adventist Health Tulare and UNC Health Southeastern. Their January 2024 breach exposed records for patients and employees across multiple affiliated institutions. The $8.5 million settlement covers both patient and employee data for those who received breach notifications.

→ File the Signature Performance Claim — May 7, 2026

Step-by-Step: How to File a Healthcare Breach Settlement Claim

1. Find your breach notification letter. Check old mail and email (including spam). The letter identifies which breach you were affected by and often includes your settlement claim ID. If you cannot find the letter, go to the settlement administrator website and search by name and date of birth.
2. Go to the official settlement website. SettlementRadar links directly from each settlement page. Avoid third-party filing sites that charge fees — filing is always free directly with the administrator.
3. Choose your tier. File Tier 2 if you paid for any credit monitoring or identity protection services, spent time dealing with fraud, or had unauthorized charges after the breach. The documentation bar is low — a bank statement is usually sufficient.
4. Provide your contact information. Name, current address, and email. If you have moved since the breach notification was sent, updating your address here is critical — otherwise your check cannot reach you.
5. Submit and save your confirmation. Copy the claim reference number. Write it down somewhere. Settlement administrators occasionally lose claims and your reference number is your only proof of filing.

When Will You Get Paid?

Healthcare breach settlements follow a predictable timeline after the claim deadline closes:

• 0–90 days after deadline: Claims processing and eligibility verification
• 90–180 days: Final court approval hearing (if not already granted)
• 30-day appeal window: After final approval, class members can appeal
• 180–365 days after deadline: Payment distribution begins

For most healthcare breach settlements, expect your check or electronic payment within 6 to 12 months of the filing deadline. You will receive no further communication between filing and payment unless there is an issue with your claim.

Key Takeaways

• Healthcare data breach settlements pay $750 to $10,000+ per person — the highest of any settlement type
• A three-tier system means most people can receive cash without documentation, but Tier 2 pays 5–20x more for modest documentation
• PharMerica (up to $10,000+) and Granite Wellness (up to $5,100) close April 27
• McLaren Health Care (up to $5,000) closes April 29
• Signature Performance (up to $5,000) closes May 7
• Filing is always free — go directly to the settlement administrator, never pay a third party to file on your behalf
• Keep your confirmation number — it is your proof of filing

The breach already happened. You cannot un-expose your data. But you can make sure you collect the compensation the courts have determined you are owed. File before the deadlines and claim every tier you qualify for.