MedStar Health $1.35M Data Breach Settlement Opens Claims for Patients

MedStar Health $1.35M Data Breach Settlement Opens Claims for Patients

Thousands of medical records were allegedly compromised after email security failed.

  • Data Breach Lawsuit

Last Update

lawsuitlike
lawsuitlike
lawsuitlike

About the MedStar Healthcare Breach

MedStar Health has agreed to resolve a class action lawsuit stemming from an alleged 9-month email data breach in 2023 that purportedly affected over 183,000 patients and employees. 

 

The data breach class action settlement addresses allegations that MedStar failed to implement standard healthcare cybersecurity measures.

 

While MedStar Health denies wrongdoing, the company agreed to create a $1.35 million settlement fund to compensate affected individuals.

 

What Are the MedStar Health Accusations?

Patients in the class action lawsuit say that MedStar Health violated its duty to safeguard sensitive data by storing patient information in unprotected employee email systems.

 

According to court documents, the healthcare provider:

  • Failed to implement reasonable data security measures.
  • Stored protected health information without proper encryption.
  • Delayed notifying affected patients (discovered the breach in March 2024 but didn't notify victims until May 2024).
  • Violated HIPAA and federal healthcare data protection standards.

 

The cyber event alledgedly exposed personal details, including names, mailing addresses, dates of birth, dates of service, provider names, and health insurance information. 

 

Who Can Participate in This Class Action Settlement?

According to the settlement agreement, the following members may take part in this lawsuit:

  • All US residents identified by MedStar as having information potentially compromised.
  • Current and former MedStar patients whose data was exposed.
  • MedStar Health employees with compromised information in the affected email accounts.

 

Participants will also need a Class Member ID from MedStar to make a claim. This unique identifier confirms class member eligibility. 

 

Once certified, class members do not need to provide evidene of actual harm to receive compensation.

Settlement Compensation Options Explained

The MedStar settlement offers three compensation options for eligible participants who file claims. 

 

Cash Payment A - Documented Losses (Up to $5,000)

Members who experienced financial losses related to the data incident can seek reimbursement up to $5,000. Medical records security breaches often lead to unexpected expenses, and this option helps recover those costs.

 

Eligible expenses may include:

  • Bank fees from fraudulent transactions.
  • Identity theft losses.
  • Credit monitoring costs.
  • Travel expenses related to addressing the breach.
  • Long-distance phone charges.
  • Postage for correspondence about the breach.

 

This selection also requires submitting documentation showing that the claimant incurred costs.

 

Cash Payment B - Alternative Payment ($100)

Class members without documented losses may opt to receive a fixed payment without proof of harm.

 

However, the actual amount ($100 estimated) will depend on how many valid claims the settlement administrator receives, which could increase or decrease the payment based on total participation.

 

This straightforward option recognizes that even without financial losses, the violation of medical privacy caused concern and inconvenience to affected individuals.

 

Medical Data Monitoring Service

Beyond cash compensation, all eligible members can claim one year of CyEx Medical Shield Complete. 

 

This healthcare data monitoring service includes:

  • One-bureau credit monitoring
  • Medicare beneficiary monitoring
  • Dark web monitoring for your information
  • Health insurance plan ID monitoring
  • Medical record number monitoring
  • Security freeze assistance
  • Victim assistance if identity theft occurs

 

How to Submit A MedStar Settlement Claim

Participants have two convenient options for filing a claim :

 

Online submission: Visit MedStarSettlement.com and enter your Class Member ID to begin. The online claim form guides you through each step.

 

Mail submission: Download the PDF claim form and mail it to: Kroll Settlement Administration LLC, P.O. Box 22539, New York, NY 10150-5391

 

The claim form asks for basic information and your compensation choice. 

 

If you're seeking documented losses, don’t forget to attach copies of your supporting documents. 

 

Don't have your Class Member ID? Contact the settlement administrator for help confirming your eligibility.

Deadlines for the MedStar Health Lawsuit Settlement

Participants should take note of the following dates to avoid missing deadlines and losing their right to compensation:

 

October 14, 2025: Final deadline to submit a claim.

September 15, 2025: Last day to opt out of the settlement.

November 4, 2025: Final approval hearing at the US District Court for the District of Maryland.

 

After the court grants final approval and resolves all appeals, electronic payments should arrive within 30-60 days.

 

District Court Approval Process

The US District Court for the District of Maryland oversees this data breach class action settlement to ensure fairness to all parties.

 

The court already granted preliminary approval on June 16, 2025, finding the settlement terms reasonable.

 

At the November 4, 2025 final fairness hearing, the judge will:

  • Review any objections from class members.
  • Consider the settlement's overall fairness.
  • Decide whether to grant final approval.

 

Class members have rights during this process. 

 

They can object to the settlement terms by September 15, 2025 or opt out to preserve their right to sue MedStar independently. However, most people choose to remain in the settlement class and file a claim.

 

Steps to Take After Submitting a Claim

While the settlement provides compensation, protecting yourself requires ongoing vigilance. 

 

After submitting a claim, patients should:

  • Check their medical records for inaccuracies.
  • Review their credit reports regularly.
  • Consider placing a fraud alert with credit bureaus.
  • Report suspicious medical billing to insurance companies immediately.

 

Healthcare cybersecurity failures create unique risks since medical information combines financial and health details that cyber criminals find valuable.

 

Protect Your Rights in the MedStar Health Settlement

The October 14, 2025 deadline is approaching quickly, and eligible class members who fail to file will likely lose their share of the $1.35 million settlement fund. 

 

Whether you choose the documented loss option, alternative payment, or the medical data monitoring service, taking action protects your interests. 

 

VISIT THE SETTLEMENT WEBSITE TODAY to secure your claim and protect your health information from cyber thieves.


Frequently Asked Questions (FAQ)

No. You don't need to prove actual harm to receive the $100 alternative cash payment. This option only requires MedStar to identify you as an affected individual. However, if you're seeking reimbursement for documented losses up to $5,000, you must provide receipts or other proof of expenses directly related to the breach.

 

Yes. The settlement explicitly lists credit monitoring costs as a reimbursable expense under Cash Payment A. If you paid for credit monitoring services between January 25, 2025, and the date you submit your claim, you can seek reimbursement up to $5,000 by providing documentation such as receipts or bank statements showing these charges.

 

MedStar sent notifications to the last known addresses of affected individuals in May 2024. If you were a MedStar patient or employee between January 25, 2023, and October 18, 2023, and believe the cyber event may have compromised your information, contact Kroll Settlement Administration LLC directly to verify your eligibility and obtain your Class Member ID if you didn't receive a notification.

 

You can opt out of the settlement by September 15, 2025, which preserves your right to pursue individual legal action against MedStar. However, most attorneys advise that individual lawsuits for data breaches are costly and difficult to prove damages, making the class action settlement a more practical option for most affected individuals.

This is an advertisement. OnlyClassActions is not a law firm or referral service, and we do not provide legal advice. OnlyClassActions provides a free service for individuals seeking legal representation, and we do not charge you to be connected with an attorney. We do not recommend or endorse any attorneys that pay to participate. OnlyClassActions utilizes a pool of attorneys in each jurisdiction, and attorneys are selected through a round-robin process without our evaluating your legal situation when selecting which attorney will receive your information. OnlyClassActions makes no representation about the quality of legal services or the qualifications of any attorney participating in our pool. Information you submit will be shared with third-party attorney(s). An attorney-client relationship is not formed when you submit information through the form. Hiring a lawyer is a critical decision and should not be predicated solely on comments, advertisements, or other content found on any website. You are under no obligation to retain a lawyer who contacts you through this service.

Add Comment