Emergency Medical Services Authority up to 3000 Settlement over 2024 patient data breach
Deadline
Deadline: March 5, 2026
Total Settlement Amount
Total amount allocated for all claims
Individual Payout Range
Estimated amount per eligible claim
Proof of Purchase
To claim reimbursement for monetary losses (and any lost-time payment counted toward the $3,000 cap), provide documentation showing losses fairly traceable to the incident, such as bank statements, phone/communication bills, credit-related records, correspondence, and receipts. Claimants must submit the claim under penalty of perjury.
Settlement Summary
Emergency Medical Services Authority (EMSA), a major Oklahoma ambulance and emergency-care provider serving more than a million people a year, agreed to settle a class action tied to a February 10–13, 2024 cyber incident in which an unauthorized party allegedly accessed its network and obtained files containing sensitive patient information. People who received a breach notification from EMSA may be eligible for benefits, including up to $3,000 for documented, breach-related losses (such as certain bank fees, credit expenses, or other out-of-pocket costs), reimbursement for limited lost time, and two years of credit monitoring and identity protection, with claim and court-approval deadlines stretching into early 2026. The lawsuit was filed because plaintiffs argue EMSA did not use “reasonable” cybersecurity measures to safeguard patient data, leaving affected individuals exposed to identity theft and the time and expense of monitoring accounts, disputing charges, or repairing credit. While EMSA did not admit wrongdoing, the settlement is significant because it reflects how organizations may choose to resolve the costly uncertainty of data-breach litigation—particularly where medical or patient-linked information is involved, which can be more valuable to criminals and more difficult for consumers to change than a password. Broader implications extend beyond EMSA: breach class actions in healthcare and emergency services have become common as ransomware and network intrusions increasingly disrupt medical operations and expose personal data, often leading to settlements that combine cash reimbursement for provable harm with multi-year credit monitoring. The legal backdrop includes a patchwork of state data-breach notification laws and, for many healthcare entities and partners, federal HIPAA privacy and security expectations that require administrative, physical, and technical safeguards—standards that frequently become the benchmark plaintiffs cite when arguing an organization fell short of industry norms for protecting sensitive patient information.
Entities Involved
Eligibility Requirements
- You received a mailed notification from Emergency Medical Services Authority (EMSA) saying your private information may have been impacted
- The notice relates to EMSA’s February 2024 data incident (alleged breach dates Feb. 10–13, 2024)
- You submit a valid claim form by March 5, 2026
- If requesting reimbursement for losses/time, you must attest the losses are fairly traceable to the data incident and provide supporting documentation as required
Featured Investigations
Stay Updated
Subscribe to our newsletter for the latest settlement updates and news.
Important Notice About Filing Claims
Submitting false information in a settlement claim is considered perjury and will result in your claim being rejected. Fraudulent claims harm legitimate class members and may result in legal consequences.
If you are unsure about your eligibility for this settlement, please visit the official settlement administrator’s website using the link provided above. Review the eligibility criteria carefully before submitting a claim.
Class Action Champion is an independent information resource and is not affiliated with any settlement administrator, law firm, or court. We provide settlement information as a service to help connect eligible class members with legitimate settlements.