Oklahoma Spine Hospital 1.1M Settlement Over July 2024 Data Breach Exposing PHI
Deadline
Deadline: January 7, 2026
Total Settlement Amount
Total amount allocated for all claims
Individual Payout Range
Estimated amount per eligible claim
Proof of Purchase
Online claims require the Notice ID and PIN from the settlement notice. Claims for documented losses require supporting third-party records showing the out-of-pocket expenses and losses tied to identity theft/fraud (e.g., bank or credit card statements, receipts, invoices, or similar documentation), with losses occurring between July 1, 2024 and Jan. 7, 2026.
Settlement Summary
Oklahoma Spine Hospital LLC agreed to a $1.1 million class action settlement after a cybersecurity incident discovered around July 1, 2024, potentially exposed sensitive personal and financial data along with protected health information (PHI) for about 38,945 people. Health-care data breaches are especially disruptive because medical records can contain long-lasting identifiers—dates of birth, insurance and billing details, and clinical information—that are difficult or impossible to “change” the way you can change a password. The settlement offers affected individuals a choice of benefits, including three years of credit monitoring with identity-theft insurance, reimbursement of documented losses traceable to the breach (up to $10,000 within the specified period), and a pro rata cash payment depending on how many valid claims are filed. The lawsuit was filed because plaintiffs alleged the hospital failed to adequately protect patient information, a common legal theory in breach cases that focuses on whether an organization used “reasonable” security practices and responded appropriately once an intrusion occurred. While Oklahoma Spine Hospital denies wrongdoing, settling avoids the cost and uncertainty of litigation and creates a structured way for impacted people to obtain monitoring and compensation without each person filing an individual suit. The case is significant in showing how breach settlements often prioritize credit-monitoring services and documented-loss reimbursement, and how deadlines (opt-out, claim submission, and final approval) shape who ultimately receives meaningful relief. More broadly, this settlement fits into a growing pattern of class actions following health-care cyber incidents, where plaintiffs seek to hold providers accountable for safeguarding PHI and for the downstream risk of identity theft and medical identity fraud. The industry context includes HIPAA’s Privacy and Security Rules, which require covered entities and business associates to implement administrative, physical, and technical safeguards, as well as the HITECH Act’s breach-notification requirements that trigger notices to affected individuals and regulators after certain incidents. Similar suits across the sector frequently end in settlements funding monitoring and limited cash payments, reflecting both the high stakes of PHI exposure and the practical challenge of proving exactly whose data was misused and what damages flowed directly from a specific breach
Entities Involved
Eligibility Requirements
- Received a data breach notification from Oklahoma Spine Hospital related to the incident discovered on or about July 1, 2024
- The notice indicated the incident may have involved the recipient’s personal information
- Submit a valid claim by the claim deadline (Jan. 7, 2026) to receive payment or benefits
- To claim reimbursement for losses, the expenses must be out-of-pocket, traceable to the breach, and incurred between July 1, 2024 and Jan. 7, 2026
Featured Investigations
Stay Updated
Subscribe to our newsletter for the latest settlement updates and news.
Important Notice About Filing Claims
Submitting false information in a settlement claim is considered perjury and will result in your claim being rejected. Fraudulent claims harm legitimate class members and may result in legal consequences.
If you are unsure about your eligibility for this settlement, please visit the official settlement administrator’s website using the link provided above. Review the eligibility criteria carefully before submitting a claim.
Class Action Champion is an independent information resource and is not affiliated with any settlement administrator, law firm, or court. We provide settlement information as a service to help connect eligible class members with legitimate settlements.