American Addiction Centers 5 Million Settlement Over September 2024 Data Breach
Deadline
Deadline: March 23, 2026
Total Settlement Amount
Total amount allocated for all claims
Individual Payout Range
Estimated amount per eligible claim
Proof of Purchase
No documentation is required according to the provided settlement information.
Settlement Summary
American Addiction Centers (AAC), a major provider of substance-use disorder treatment services, agreed to a $5 million class action settlement after a September 2024 data breach that may have exposed patients’ and consumers’ personal information. Incidents like this are particularly sensitive in healthcare because treatment providers often store not only identifiers (like names, addresses, dates of birth, and Social Security numbers) but also highly private information tied to medical care; exposure can raise risks of identity theft, fraud, and the stigma-related harms that can follow from disclosure of addiction-treatment connections. The lawsuit was filed on behalf of people whose information was potentially affected, alleging AAC failed to implement reasonable data-security practices and to adequately protect the data it held, resulting in preventable harms and increased risk of misuse. The settlement website indicates potential payments ranging from $50 to $5,000, with a claim deadline of 3/23/26 and no proof required, reflecting a common structure in data-breach cases where claimants may be compensated for time spent, out-of-pocket losses, or the increased risk and inconvenience created by exposure. Beyond individual payouts, these cases are significant because they pressure organizations handling sensitive health data to tighten cybersecurity, improve incident response, and offer clearer notice and assistance when breaches occur. More broadly, AAC’s case fits a nationwide pattern of healthcare breach class actions against hospitals, insurers, and specialty providers, where plaintiffs argue that outdated security controls and weak vendor oversight make medical data a prime target. The industry operates under a patchwork of obligations: HIPAA’s Privacy and Security Rules set standards for safeguarding protected health information and require breach notifications, while many state data-breach laws add notice timelines and consumer protections, and federal regulators like HHS’s Office for Civil Rights can investigate and penalize noncompliance. As cyberattacks on healthcare providers continue to rise, settlements like this may accelerate adoption of stronger safeguards such as multifactor authentication, encryption, network monitoring, and more rigorous third-party risk management across the sector.
Entities Involved
Eligibility Requirements
- You are an individual whose personal information was potentially exposed in the American Addiction Centers data breach
- The exposure relates to the September 2024 incident
- You submit a claim by the deadline (3/23/26)
Featured Investigations
Stay Updated
Subscribe to our newsletter for the latest settlement updates and news.
Important Notice About Filing Claims
Submitting false information in a settlement claim is considered perjury and will result in your claim being rejected. Fraudulent claims harm legitimate class members and may result in legal consequences.
If you are unsure about your eligibility for this settlement, please visit the official settlement administrator’s website using the link provided above. Review the eligibility criteria carefully before submitting a claim.
Class Action Champion is an independent information resource and is not affiliated with any settlement administrator, law firm, or court. We provide settlement information as a service to help connect eligible class members with legitimate settlements.