Healthcare Data Breach Settlements 2026 — Find and File Your Claim

1. Find your eligible healthcare settlement

   Browse the list above for open healthcare data breach settlements. Check the company name and class period dates. If you were a patient, member, or customer during those dates, you almost certainly qualify — even if you never got a notification letter.
2. Click "Check Eligibility" on the settlement card

   Each card links directly to the official settlement administrator's claim form. Never pay to file a claim — all healthcare breach claim filing is free through the official administrator.
3. Enter your information (3–5 minutes)

   Provide your name, current address, email, and confirmation of your account or treatment dates. For enhanced claims (documenting out-of-pocket losses), gather receipts, credit monitoring purchase records, or identity theft documentation.
4. Submit and save your confirmation number

   Screenshot or copy your confirmation after filing. This is your proof of claim. You may receive a follow-up from the settlement administrator requesting verification of your membership.
5. Wait for your check (12–24 months)

   Healthcare settlement payments typically arrive 12–24 months after the filing deadline. Payment methods include checks, PayPal, Venmo, and Zelle. Check SettlementRadar for status updates on any case you filed.

Why Healthcare Data Breaches Are So Serious

Healthcare data is the most valuable type of personal information on criminal markets — worth 10–20 times more than credit card numbers. A stolen credit card can be canceled; your medical history, Social Security number, and date of birth cannot. Healthcare data breaches expose you to:

• Medical identity theft — fraudsters using your insurance to receive treatments and bill your plan, leaving you with unexplained bills and wrong information in your medical record
• Tax fraud — SSNs from healthcare breaches are used to file fraudulent tax returns claiming refunds in your name
• Financial fraud — healthcare records often include payment data and enough PII for full identity theft
• Privacy violations — exposure of diagnoses, mental health treatment, and prescriptions that you have a right to keep private

Federal law (HIPAA) requires healthcare organizations to implement specific safeguards for protected health information. When they fail — and the data volumes involved in recent breaches make "they failed" an understatement — class action settlements provide the primary mechanism for compensation.

The Biggest Healthcare Data Breaches in History

The scale of healthcare data exposure in the 2020s has been staggering:

• Change Healthcare (UnitedHealth Group) — 2024: The largest healthcare data breach in U.S. history. A ransomware attack on Change Healthcare, the nation's largest health payment processor, disrupted claims processing for months and exposed the records of over 100 million Americans. Class action litigation is ongoing.
• Anthem — 2015: The first major healthcare mega-breach. Hackers stole names, Social Security numbers, birthdates, addresses, and employment information for 78.8 million Anthem members and employees. The $115 million settlement remains the largest HIPAA-related settlement in history.
• Premera Blue Cross — 2015: 11 million members had medical claims data, SSNs, and bank account details exposed. Settlement: $74 million.
• Community Health Systems — 2014: 4.5 million patients had SSNs and personal information stolen. Multiple state settlements.
• Ascension Health — 2024: A cyberattack on one of the nation's largest Catholic health systems affected millions of patients across 19 states. Class action filings active.
• Hospital system breaches (ongoing): Regional hospital systems and independent practices file HIPAA breach reports daily. SettlementRadar monitors all filings with significant settlement potential.

HIPAA vs. Class Action Settlements: What's the Difference?

When you hear about a hospital paying a "HIPAA fine," that money goes to the government — not to you. HIPAA penalties are regulatory sanctions, not consumer compensation. To receive money for a healthcare data breach, you need a class action settlement. Class action settlements are civil lawsuits where patients or members sue the breached organization for negligence, breach of contract, and violations of state privacy laws. These cases run parallel to any government regulatory action and are your path to direct compensation. The distinction matters because organizations that have paid large HIPAA fines may simultaneously be settling separate class actions. The fine ≠ the settlement. Always check SettlementRadar to see if an active class action settlement exists for any healthcare breach affecting you.

Your Rights Under HIPAA

Under the Health Insurance Portability and Accountability Act (HIPAA), your healthcare provider or insurer must:

• Notify you within 60 days of discovering a breach affecting your PHI
• Provide a description of the PHI involved, the cause of the breach, and the steps being taken
• Offer free credit monitoring or identity theft protection in most major breach cases

But HIPAA notification doesn't mean you automatically receive compensation — that requires filing a claim in the class action. If you received a breach notification letter from a healthcare company and didn't file a claim, you likely left money on the table. Check the settlements above to see if the filing window is still open.

How Healthcare Settlement Payouts Are Calculated

Most healthcare settlements offer tiered compensation:

• Tier 1 (Base claim, no documentation): $50–$500. Available to all class members with a valid, verified claim. No receipts or proof of harm required.
• Tier 2 (Enhanced claim, documented losses): $500–$5,000. For class members who can document out-of-pocket losses like credit monitoring subscriptions, identity theft insurance, time spent resolving fraud, or unreimbursed costs.
• Tier 3 (Extraordinary losses): $5,000–$20,000+. For class members who experienced significant identity theft, medical identity fraud, or other documented substantial harm directly traceable to the breach.

Pro tip: Even if you can't document losses, file the base claim. Healthcare settlements frequently have low claims rates, meaning the per-person base payment often exceeds initial estimates when fewer people file than expected.