Feb 26, 2026

Norton Healthcare $11 Million Settlement for 2023 Data Breach Exposing PII and PHI

Deadline

Deadline: May 18, 2026

Total Settlement Amount

$11M

Total amount allocated for all claims

Individual Payout Range

$5 to $2.50K

Estimated amount per eligible claim

Proof of Purchase

Required

Online claims require the Class Member ID shown on the notice. Out-of-pocket loss claims must include supporting documentation such as bank or credit card statements showing unreimbursed fees or fraudulent charges, receipts, invoices, or other proof of fraud/identity theft. Claimants should keep a copy of the notice/notification letter showing they were notified or are on the class list. Losses must fall between May 9, 2023 and May 18, 2026. Electronic payment requires completing the online form; mailed claims require the completed PDF claim form and supporting documents sent to the settlement administrator address.

Settlement Summary

In May 2023 Norton Healthcare disclosed a cybersecurity incident that exposed personally identifiable information (PII) and protected health information (PHI) for up to about 2.5 million patients and employees. Plaintiffs sued, claiming negligence, breach of implied contract, unjust enrichment and invasion of privacy; Norton denied wrongdoing but agreed to an $11 million settlement to avoid protracted litigation.

The settlement offers three years of medical-monitoring services, reimbursement for up to $2,500 of unreimbursed losses, modest lost-time payments and a pro rata cash distribution, with claim deadlines and a final-approval hearing scheduled in 2026.

This case matters because it reinforces legal and financial pressures on healthcare providers to secure sensitive data under laws such as HIPAA and state breach-notification statutes, and it follows a string of large healthcare-data settlements (e.g., Anthem, Premera) that commonly provide medical monitoring and out-of-pocket relief. Beyond individual compensation, these outcomes push hospitals to strengthen cybersecurity, incident response and regulatory compliance, both to protect patient trust and to limit exposure to OCR enforcement, FTC scrutiny and costly class actions when ransomware and data theft occur.

Entities Involved

Norton Healthcare, Inc.
Norton Hospitals, Inc.
Berthold v. Norton Healthcare, et al. (case)
Kroll Settlement Administration LLC
CyEx (Medical Shield Pro)
Settlement administrator
Class representatives
WHAS11 (news link)
Identity Theft Resource Center (referenced report)

Eligibility Requirements

  • Current or former patients or employees of Norton Healthcare or Norton Hospitals
  • On the defendants' class list and received a formal notification letter about the incident
  • Personal and/or protected health information (PII/PHI) may have been compromised in the May 2023 incident
  • Losses claimed (for reimbursement) occurred between May 9, 2023 and May 18, 2026
  • Claim submitted by the court deadline (claims due May 18, 2026)

Important Notice About Filing Claims

Submitting false information in a settlement claim is considered perjury and will result in your claim being rejected. Fraudulent claims harm legitimate class members and may result in legal consequences.

If you are unsure about your eligibility for this settlement, please visit the official settlement administrator’s website using the link provided above. Review the eligibility criteria carefully before submitting a claim.

Class Action Champion is an independent information resource and is not affiliated with any settlement administrator, law firm, or court. We provide settlement information as a service to help connect eligible class members with legitimate settlements.