General Physician 2.5M Settlement Over Patient Data Breach and Exposed Medical Records

The General Physician 2.5M Settlement Over Patient Data Breach and Exposed Medical Records settlement offers $2.50M in total, with individual payouts of $60 to $5K to eligible claimants who you are an individual in the united states whose private information was potentially accessed and/or acquired in the general physician p.c. data incident. The deadline to file is May 27, 2026. Proof of purchase is required.

Deadline

59 days remaining

Deadline: May 27, 2026

Total Settlement Amount

$2.50M

Total amount allocated for all claims

Individual Payout Range

$60 to $5K

Estimated amount per eligible claim

Proof of Purchase

Required

Online claims require the Class Member ID from the settlement notice. Claims for documented losses (up to $5,000) must include supporting records such as bank/credit card statements showing unreimbursed fees or fraudulent charges, invoices, receipts, or other documentation demonstrating identity theft/fraud and related out-of-pocket losses tied to the incident.

Settlement Summary

General Physician P.C. agreed to a $2.5 million class action settlement after a cybersecurity incident that allegedly exposed sensitive patient data between April 6 and June 12, 2024, affecting an estimated 490,210 people. The compromised information reportedly included both personally identifiable information (PII) like names, addresses, Social Security numbers and dates of birth, and protected health information (PHI) such as medical treatment and record details—data that can be especially damaging because it can enable both financial fraud and “medical identity theft,” where someone uses another person’s identity to obtain healthcare services or submit false insurance claims. The lawsuit was filed on the theory that the practice failed to implement reasonable data security measures to protect patient information, leading to unauthorized access and resulting risks and out-of-pocket losses for patients. While General Physician denied wrongdoing, the settlement provides a structured set of benefits: up to $5,000 for documented, breach-related losses, an alternative cash payment expected to average around $60 (capped), and two years of credit and medical-records monitoring with insurance coverage for medical identity theft—relief that reflects how hard it can be for individuals to prove direct financial harm immediately after a breach. The case is significant because it shows how healthcare breaches increasingly lead to class actions that focus as much on future risk mitigation (monitoring) as on reimbursement, with plaintiffs’ lawyers pushing providers to treat cybersecurity as a core patient-safety obligation. More broadly, this settlement fits a familiar pattern seen in other healthcare data-breach class actions: organizations often resolve claims without admitting liability, fund monitoring services, and compensate provable losses while disputing that every class member suffered concrete injury. The industry context matters because medical providers and their vendors are expected to comply with HIPAA’s Privacy and Security Rules (and, for many, the HITECH Act’s breach-notification requirements), which require administrative, physical, and technical safeguards for electronic PHI; regulators can pursue separate enforcement even when a private lawsuit settles. As ransomware and third-party vendor compromises continue to drive large-scale exposures, cases like this reinforce the growing expectation—by courts, regulators, and patients—that healthcare organizations adopt stronger security controls, faster detection, and clearer breach response practices to reduce repeat incidents and downstream harm

Entities Involved

General Physician P.C.

Kroll Settlement Administration LLC

Newhart v. General Physician P.C.

GeneralPhysicianDataIncidentSettlement.com (settlement website)

One-bureau credit monitoring (service)

Medical records monitoring (service)

Medical identity theft insurance (up to $1,000,000 coverage referenced)

Eligibility Requirements

You are an individual in the United States whose private information was potentially accessed and/or acquired in the General Physician P.C. data incident
You received a notice letter from General Physician P.C. about the data breach (used to verify class membership for claiming)
To request up to $5,000, you must have losses that can be connected to the incident and provide documentation of those losses
To receive the alternate cash payment, you must submit a valid claim even if you have no documented losses
To receive credit/medical monitoring, you must submit a valid election/claim for that benefit (as offered to class members)
If you opt out of the settlement by the exclusion deadline, you are not eligible to receive settlement benefits

File Your Claim Now

Featured Investigations

Latest class action investigations that may lead to future settlements

View All

investigation

2/19/2026

Hair Relaxer Cancer Lawsuits

Chemical hair straighteners are under scrutiny after a groundbreaking study linked them to uterine cancer. Lawsuits allege manufacturers knew of the risks but failed to warn consumers.

Stay Updated

Subscribe to our newsletter for the latest settlement updates and news.

Important Notice About Filing Claims

Submitting false information in a settlement claim is considered perjury and will result in your claim being rejected. Fraudulent claims harm legitimate class members and may result in legal consequences.

If you are unsure about your eligibility for this settlement, please visit the official settlement administrator’s website using the link provided above. Review the eligibility criteria carefully before submitting a claim.

Class Action Champion is an independent information resource and is not affiliated with any settlement administrator, law firm, or court. We provide settlement information as a service to help connect eligible class members with legitimate settlements.