Gryphon Healthcare $2.8M Settlement Over 2024 Patient Data Breach Claims
Deadline
Deadline: April 16, 2026
Total Settlement Amount
Total amount allocated for all claims
Individual Payout Range
Estimated amount per eligible claim
Proof of Purchase
For reimbursement claims (up to $5,000), provide documentation showing data breach-related losses or expenses, such as receipts, invoices, bank/credit card statements, or records of credit-related fees, identity theft/fraud costs, or ID replacement expenses. No documentation is required for the $100 alternative cash payment.
Settlement Summary
Gryphon Healthcare, a medical billing company that handles patient and insurance data for hospitals and clinics, agreed to a $2.8 million settlement after a July 2024 cyberattack allegedly exposed sensitive information tied to people who later received breach-notification letters. Billing vendors like Gryphon sit in a high-risk spot in the healthcare ecosystem: they often store identifiers used for claims—names, dates of birth, Social Security numbers, insurance details, and sometimes medical-account information—making them attractive targets for criminals seeking to commit identity theft or medical fraud. Healthcare data breaches have become increasingly common as attackers exploit vendor networks and third-party access, and patients can feel the impact long after the initial incident through fraudulent accounts, credit issues, and the costly hassle of replacing IDs and monitoring records. The lawsuit (Morris, et al. v. Gryphon Healthcare LLC, filed in Texas state court) claimed Gryphon failed to implement “reasonable” cybersecurity measures and violated applicable state laws by not adequately safeguarding personal information. Without admitting wrongdoing, Gryphon agreed to provide compensation options that reflect the two typical categories of harm in breach cases: documented losses (up to $5,000 for costs like fraud-related fees, ID replacement, and credit expenses) and inconvenience or risk of future harm (a $100 alternative payment for those without documented losses), plus two years of identity theft and medical data monitoring. Cases like this are significant because they pressure healthcare vendors to invest in preventive security controls and incident response, and they also illustrate how class actions have become a key tool for consumers to seek remedies when the alleged damage is widespread but individualized. More broadly, the settlement fits a growing pattern of litigation stemming from healthcare and healthcare-adjacent breaches, especially involving third-party service providers that touch protected health information. The industry operates under a patchwork of rules—most notably HIPAA and its Security Rule for covered entities and business associates, plus state privacy and breach-notification laws—that require administrative, technical, and physical safeguards and prompt notice when certain data is compromised. Regulators and courts have increasingly scrutinized whether companies used measures commensurate with the sensitivity of the data, and settlements commonly include not just cash payments but also credit/identity monitoring, reflecting an expectation that organizations must mitigate the ongoing risks that follow patients after a breach occurs.
Entities Involved
Eligibility Requirements
- You are an individual whose personal information was potentially exposed in the Gryphon Healthcare data breach in July 2024
- You received a data breach notification letter from Gryphon Healthcare (included as an example of affected individuals)
- You submit a valid claim form by April 16, 2026
- To claim reimbursement for losses (up to $5,000), you must have qualifying data breach-related out-of-pocket expenses and provide supporting documentation
- If you do not want to participate, you must request exclusion by March 17, 2026 (otherwise you remain in the class if eligible)
Featured Investigations
Stay Updated
Subscribe to our newsletter for the latest settlement updates and news.
Important Notice About Filing Claims
Submitting false information in a settlement claim is considered perjury and will result in your claim being rejected. Fraudulent claims harm legitimate class members and may result in legal consequences.
If you are unsure about your eligibility for this settlement, please visit the official settlement administrator’s website using the link provided above. Review the eligibility criteria carefully before submitting a claim.
Class Action Champion is an independent information resource and is not affiliated with any settlement administrator, law firm, or court. We provide settlement information as a service to help connect eligible class members with legitimate settlements.