Carespring Health Care $4.5M Settlement for October 2023 Data Breach Claims
Deadline
Deadline: April 16, 2026
Total Settlement Amount
Total amount allocated for all claims
Individual Payout Range
Estimated amount per eligible claim
Proof of Purchase
No documentation is required according to the settlement listing; eligibility is tied to receiving a breach notice from Carespring related to the October 2023 incident.
Settlement Summary
Carespring Health Care Management agreed to a $4.5 million class action settlement tied to an October 2023 data breach that allegedly exposed patients’ personal information. Health-care organizations are frequent ransomware and hacking targets because they hold high-value data—names, dates of birth, Social Security numbers, insurance details, and clinical or billing records—that can be used for identity theft and medical fraud. In incidents like this, affected individuals are typically notified under state data-breach laws, and they may face risks ranging from fraudulent account openings to misused insurance benefits, even when no immediate harm is obvious. The lawsuit was filed to allege that Carespring failed to implement reasonable administrative, technical, and physical safeguards to protect sensitive information, and to seek compensation and remedial measures after the breach. The settlement structure (reported payout range of roughly $50 to $4,500, with no proof required, and a claim deadline of 4/16/26 for those who received notice) reflects a common approach in data-breach cases: provide standardized cash payments or tiered benefits without forcing every claimant to document losses, while resolving disputed claims without a trial. Its significance lies in reinforcing that health-care entities can face substantial financial and reputational consequences when cybersecurity controls, monitoring, vendor management, or incident response are alleged to be inadequate. More broadly, this settlement fits into a growing wave of health-care breach class actions that follow large-scale incidents at hospitals, long-term care operators, and billing or claims vendors, where plaintiffs similarly argue that lax security increased exposure to fraud risks. The industry operates under the federal HIPAA framework and HHS guidance for safeguarding protected health information, alongside state privacy and breach-notification requirements, and regulators have increasingly emphasized risk analyses, access controls, encryption, and timely incident response. As these cases accumulate, they push organizations toward stronger security programs and faster transparency, while also shaping how courts and companies value “risk of harm” and the cost of monitoring and remediation after a breach.
Entities Involved
Eligibility Requirements
- Received a notice from Carespring Health Care Management stating your personal information was potentially impacted
- The notice relates to the October 2023 data breach incident
- Submit a claim by April 16, 2026 (if seeking payment)
Featured Investigations
Stay Updated
Subscribe to our newsletter for the latest settlement updates and news.
Important Notice About Filing Claims
Submitting false information in a settlement claim is considered perjury and will result in your claim being rejected. Fraudulent claims harm legitimate class members and may result in legal consequences.
If you are unsure about your eligibility for this settlement, please visit the official settlement administrator’s website using the link provided above. Review the eligibility criteria carefully before submitting a claim.
Class Action Champion is an independent information resource and is not affiliated with any settlement administrator, law firm, or court. We provide settlement information as a service to help connect eligible class members with legitimate settlements.