Carolina Arthritis Associates 5 Million Settlement Over September 2024 Data Breach
Deadline
Deadline: February 23, 2026
Total Settlement Amount
Total amount allocated for all claims
Individual Payout Range
Estimated amount per eligible claim
Proof of Purchase
No documentation is indicated as required to submit a claim, based on the provided settlement information.
Settlement Summary
Carolina Arthritis Associates, a medical practice specializing in rheumatology care, reported a data breach tied to a September 2024 incident that may have exposed patients’ sensitive personal and health-related information. Healthcare organizations are frequent targets because their systems store high-value data such as names, contact details, dates of birth, Social Security numbers, insurance information, and sometimes clinical or billing records—details that can be used for identity theft, fraudulent claims, or medical identity fraud. This proposed class action settlement website indicates a $5 million fund, with claimed payments ranging from about $100 up to $5,000 and a February 23, 2026 deadline, and it notes that proof may not be required, a common feature in consumer data-breach settlements designed to make participation easier for affected patients. The lawsuit was filed because plaintiffs typically allege that the organization failed to implement reasonable cybersecurity safeguards and/or failed to detect and contain the intrusion promptly, exposing patients to an increased risk of fraud and the time and expense of monitoring and recovery. Its significance is less about proving a hacker’s identity and more about accountability—whether a healthcare provider met industry expectations for protecting protected health information (PHI) and personally identifiable information (PII), and whether affected individuals deserve compensation and credit/identity monitoring. Cases like this resemble many recent healthcare breach settlements involving clinics, hospitals, and vendors, and they play out against a regulatory backdrop that includes HIPAA’s Privacy and Security Rules (requiring administrative, physical, and technical safeguards) and state breach-notification laws; while HIPAA itself doesn’t give patients a direct right to sue, class actions often proceed under state consumer-protection, negligence, and contract theories, reinforcing pressure across the healthcare industry to improve security controls, vendor oversight, encryption, and incident response readiness.
Entities Involved
Eligibility Requirements
- You are an individual whose private information was compromised in the Carolina Arthritis Associates data breach
- The compromise relates to the incident that occurred in September 2024
- You submit a claim by the deadline (February 23, 2026)
Featured Investigations
Stay Updated
Subscribe to our newsletter for the latest settlement updates and news.
Important Notice About Filing Claims
Submitting false information in a settlement claim is considered perjury and will result in your claim being rejected. Fraudulent claims harm legitimate class members and may result in legal consequences.
If you are unsure about your eligibility for this settlement, please visit the official settlement administrator’s website using the link provided above. Review the eligibility criteria carefully before submitting a claim.
Class Action Champion is an independent information resource and is not affiliated with any settlement administrator, law firm, or court. We provide settlement information as a service to help connect eligible class members with legitimate settlements.