Yale New Haven Health Services Corp 18 million settlement for 2025 patient data breach
Deadline
Deadline: February 18, 2026
Total Settlement Amount
Total amount allocated for all claims
Individual Payout Range
Estimated amount per eligible claim
Proof of Purchase
To support a documented-loss claim, submit the completed claim form and evidence of expenses or harm caused by the breach, e.g., receipts, billing statements, emails/correspondence, telephone records, fraud or identity-theft reports, credit monitoring or remediation invoices. Undocumented-claimants may submit the claim form without receipts to receive the $100 alternate payment. All claims must be filed by Feb. 18, 2026 and include an attestation of truth under penalty of perjury.
Settlement Summary
Yale New Haven Health Services Corp. agreed to an $18 million settlement to resolve a class action over a data breach discovered March 8, 2025, that exposed sensitive patient identifiers—including Social Security numbers, birth dates, addresses and medical information. The suit alleges the health system failed to prevent unauthorized access to that data; Yale New Haven denied wrongdoing but agreed to compensate people who received breach notices. Under the deal, eligible class members who document actual losses (fraud, identity-theft remediation, credit costs, etc.) can recover up to $5,000, others may claim a $100 cash payment, and all qualified individuals are eligible for two years of free medical data monitoring. Key dates include the claim deadline (Feb. 18, 2026), the exclusion/objection deadline (Jan. 20, 2026) and the final approval hearing (March 3, 2026). This settlement is part of a wider pattern of litigation and enforcement in the healthcare sector—where large-scale breaches (e.g., Anthem, Premera, and others) have produced settlements, OCR investigations under HIPAA, and calls for tougher cybersecurity safeguards. Class actions like this aim both to compensate victims and to pressure institutions to strengthen privacy controls; they dovetail with federal HIPAA/HITECH obligations and state breach-notification laws that require rapid reporting and protective responses. For patients and providers, the case highlights how regulatory enforcement, private litigation and public scrutiny together shape data-security practices and can spur investments in encryption, access controls and incident response planning.
Entities Involved
Eligibility Requirements
- You received a written data breach notice informing you that your information may have been compromised in the March 8, 2025 incident.
- Submit a valid claim form to the settlement administrator by the deadline: February 18, 2026.
- To seek reimbursement for documented losses, provide supporting documentation (receipts, correspondence, phone records, fraud reports, etc.).
- Claimants without documentation may submit for an alternate cash payment ($100).
- All claims must be truthful and are submitted under penalty of perjury; do not file if you did not receive a notice or do not qualify.
- Opt-out or objection deadline for class members: January 20, 2026.
Featured Investigations
Stay Updated
Subscribe to our newsletter for the latest settlement updates and news.
Important Notice About Filing Claims
Submitting false information in a settlement claim is considered perjury and will result in your claim being rejected. Fraudulent claims harm legitimate class members and may result in legal consequences.
If you are unsure about your eligibility for this settlement, please visit the official settlement administrator’s website using the link provided above. Review the eligibility criteria carefully before submitting a claim.
Class Action Champion is an independent information resource and is not affiliated with any settlement administrator, law firm, or court. We provide settlement information as a service to help connect eligible class members with legitimate settlements.