Patient Data Breach Settlement: Thousands Eligible for $7,500 Payout

Court-approved settlement compensates breach victims for unreimbursed losses tied to leaked Social Security numbers and other sensitive information.

Thousands Eligible for Compensation After Massive Healthcare Data Breach

Victims of a 2023 cyberattack on NextGen Healthcare may now be eligible to receive up to $7,500 each as part of a court-approved class action settlement tied to the company’s alleged failure to protect sensitive patient data.

• The breach occurred between March and April 2023, with unauthorized third-party access to patient information, including Social Security numbers.
• NextGen disclosed the incident publicly on April 28, 2023, acknowledging the criminal cyberattack.

When healthcare data is breached, victims aren’t just exposed—they’re on the hook for protecting themselves, often at their own cost.

What’s in the Settlement: Reimbursement for Real-World Losses

According to the official settlement website, each class member can file a claim for reimbursement of out-of-pocket costs directly related to the breach—up to $7,500 per person, capped per claim.

• Eligible expenses include costs for credit monitoring, identity theft protection, fraud resolution, credit freezes, and professional services.
• Claimants must provide verifiable documentation that losses are fairly traceable to the breach.
• Affected individuals can also apply for time compensation for dealing with breach-related consequences.

The fund aims to make victims whole for financial burdens that wouldn’t have occurred had NextGen adequately safeguarded patient data.

Lawsuit Claims: Inadequate Security, Ongoing Harm

Plaintiffs allege that NextGen failed to maintain proper security controls, violating state consumer protection laws and data protection duties.

• The complaint asserts that personal information was not encrypted or properly protected, enabling criminal access and exfiltration.
• Victims “have and will continue to suffer injury,” including long-term risk of identity theft, since the stolen data—especially Social Security numbers—is immutable.

As one security expert put it: “Your date of birth and Social Security number don’t change after a breach—and that makes stolen healthcare data incredibly valuable.”

Next Steps for Victims: How to Claim Compensation

To receive reimbursement, affected individuals must submit a claim via the settlement portal before the court-mandated deadline (not yet specified).

• Claims must include proof of loss, such as receipts or documentation of protective services purchased.
• Victims unsure if they qualify should review the class member eligibility criteria on the official settlement website.
• Additional compensation may be available for time spent mitigating risks, depending on the final distribution process.

Legal analysts suggest this case could set precedent for how courts handle damages tied to healthcare-specific breaches, which often carry more severe, long-lasting impacts than retail or financial incidents.

TL;DR:

NextGen Healthcare will pay up to $7,500 per person to victims of a 2023 cyberattack that exposed Social Security numbers and other sensitive patient data. The court-approved settlement reimburses out-of-pocket losses tied to identity protection, credit monitoring, and fraud-related expenses.