Two Major Healthcare Data Breach Settlements Resolve Class Action Lawsuits Two healthcare providers Compassion Health Care (North Carolina) and Emergency Medical Services Authority (EMSA, Oklahoma) have reached settlements in class action lawsuits following separate cyberattacks that exposed sensitive patient data. ### Compassion Health Care Settlement The Yanceyville, North Carolina-based medical practice agreed to a $600,000 settlement after a March 2025 breach compromised the protected health information (PHI) of 23,600 individuals. The incident, detected on March 17, 2025, involved unauthorized access to systems containing names, addresses, Social Security numbers, driver’s license details, health insurance data, and clinical information. Affected individuals were notified on May 16, 2025. The lawsuit, filed in Caswell County Superior Court on July 2, 2025, alleged negligence in cybersecurity measures. Under the settlement, funds will cover attorneys’ fees, administrative costs, and service awards, with class members eligible for: - Reimbursement of documented losses (up to $3,000 per person) - A $40 cash payment as an alternative - Two years of credit monitoring and identity theft protection ### EMSA Settlement EMSA, Oklahoma’s largest pre-hospital emergency care provider, settled a class action over a February 2024 cyberattack that exposed data of 611,743 individuals, including names, addresses, dates of birth, and Social Security numbers. The breach occurred between February 10–13, 2024, with unauthorized access to patient and employee files. The lawsuit, consolidated in Oklahoma County District Court, was resolved with a $1.5 million settlement fund. Class members can claim: - Reimbursement for documented losses (up to $3,000 per person) - Compensation for lost time (up to 4 hours at $15/hour, with attestation required) - Two years of single-bureau credit monitoring Claim deadlines vary by CPT ID, with final fairness hearings scheduled for April–May 2026. Both settlements were reached without admission of liability.

Emergency Medical Services Authority Settles $1.5M Data Breach Class Action The Emergency Medical Services Authority (EMSA) has agreed to a $1.5 million settlement to resolve a class action lawsuit stemming from a data breach that occurred between February 10 and 13, 2024. The incident allegedly exposed sensitive personal information stored by EMSA, leading to claims of negligence in safeguarding the data. Who Is Eligible? The settlement covers U.S. residents whose private information was potentially compromised in the breach and who received a mailed notice from EMSA regarding the incident. Compensation Details Eligible class members may claim: - Up to $3,000 for documented, unreimbursed expenses (e.g., bank fees, credit monitoring, professional services) incurred between February 10, 2024, and March 5, 2026. - Up to $60 for lost time (four hours at $15/hour) spent addressing the breach, provided at least one full hour was dedicated to related tasks. - Two years of single-bureau credit monitoring, if selected. Payments will be distributed via check, PayPal, Venmo, Zelle, or a virtual prepaid card. If total valid claims exceed the $1.5 million fund, payouts will be reduced proportionally. Key Deadlines - Opt-out deadline: February 3, 2026 - Claim submission deadline: March 5, 2026 - Final approval hearing: April 6, 2026 - Payout distribution: Approximately 60 days after final court approval, pending appeals. Settlement Fund Allocation The $1.5 million fund covers: - Settlement administration and notice costs (TBD) - Up to $400,000 in attorneys’ fees and expenses - Up to $5,000 in service awards for class representatives - Remaining balance for eligible claims Background Plaintiffs alleged EMSA failed to adequately protect sensitive data, though the organization denies wrongdoing. The settlement was reached to avoid prolonged litigation.