Hospital Sisters Health System 7.6M Settlement Over 2023 Patient Data Breach
Deadline
Deadline: August 4, 2026
Total Settlement Amount
Total amount allocated for all claims
Individual Payout Range
Estimated amount per eligible claim
Proof of Purchase
To claim reimbursement for documented losses (up to $5,000), submit the claim form with supporting documents showing out-of-pocket costs tied to the breach (e.g., bank/credit card statements, receipts, invoices, or other records for identity theft losses, credit-related fees, or ID replacement).
Settlement Summary
Hospital Sisters Health System (HSHS), which operates 15 hospitals in Illinois and Wisconsin, agreed to a $7.6 million settlement after a 2023 cyber incident on its network (Aug. 16–27, 2023) allegedly exposed sensitive patient data. The compromised information reportedly included Social Security numbers, health insurance details, driver’s license numbers, and other personally identifiable information—exactly the type of data that can be leveraged for identity theft and medical fraud. In healthcare, these breaches are particularly disruptive because hospitals store both financial identifiers and protected health information, and ransomware-style intrusions have become a persistent threat across the sector. The class action, In re: Hospital Sisters Health System Data Breach Litigation (Chancery Court of Sangamon County, Illinois), was filed on the theory that HSHS failed to implement “reasonable” cybersecurity safeguards that could have prevented or reduced the breach’s impact. While HSHS did not admit wrongdoing, the settlement is significant because it converts alleged harm—risk of identity theft, time spent responding, and actual out-of-pocket losses—into concrete relief: up to $5,000 for documented losses, an alternative cash payment for those without documented losses, and two years of financial monitoring with $1 million in fraud insurance. Key dates include the opt-out/objection deadline (Nov. 14, 2025) and a final approval hearing (Dec. 4, 2025), with claim submission required to receive benefits. More broadly, this case fits a growing pattern of healthcare data-breach class actions where plaintiffs argue that inadequate security controls and delayed detection created preventable exposure, and settlements commonly fund credit monitoring and reimbursements rather than litigating fault to verdict. The industry backdrop includes HIPAA’s Privacy and Security Rules (which require administrative, physical, and technical safeguards for electronic protected health information) and HHS breach-notification expectations, alongside a patchwork of state consumer-protection and data-security laws that often drive these suits. As regulators and courts increasingly scrutinize “reasonable security” in highly targeted sectors like healthcare, similar settlements reinforce the expectation that hospitals treat cybersecurity as a patient-safety and compliance obligation, not just an IT function.
Entities Involved
Eligibility Requirements
- Your personally identifiable information (PII) and/or personal health information (PHI) was compromised in the HSHS data breach
- The compromise occurred in the incident affecting HSHS network systems between Aug. 16, 2023 and Aug. 27, 2023
- You are a member of the settlement class (including individuals who received notice of the breach)
- To receive benefits, you must submit a timely, valid claim form by the stated deadline
Featured Investigations
Stay Updated
Subscribe to our newsletter for the latest settlement updates and news.
Important Notice About Filing Claims
Submitting false information in a settlement claim is considered perjury and will result in your claim being rejected. Fraudulent claims harm legitimate class members and may result in legal consequences.
If you are unsure about your eligibility for this settlement, please visit the official settlement administrator’s website using the link provided above. Review the eligibility criteria carefully before submitting a claim.
Class Action Champion is an independent information resource and is not affiliated with any settlement administrator, law firm, or court. We provide settlement information as a service to help connect eligible class members with legitimate settlements.