Doctor showing patient medical records

Class Action Settlement Fund Opens For Medusind Data Breach Victims

Revenue cycle management security failure leads to a million-dollar patient compensation fund.

  • Data Breach Lawsuit

Last Update

lawsuitlike
lawsuitlike
lawsuitlike

About the Medusind Data Breach Settlement

Patients of Medusind who received data breach notifications may be eligible to participate in a $5 million class action settlement.

 

In December 2023, cybercriminals purportedly targeted the Miami-based revenue cycle management servers of the healthcare provider, allegedly compromising the sensitive medical and financial information of more than 700,000 patients nationwide.

 

Settlement Overview and Fund Distribution

This settlement fund resolves multiple lawsuits filed against Medusind Inc. claiming healthcare privacy violations. 

The District Courts granted preliminary approval in July 2025, with final approval scheduled for January 2026 in Florida.

 

Medical data breach timeline

In 2023, Medusind detected unauthorized access to its IT network and launched an investigation with cybersecurity forensic experts.

 

The investigation states it confirmed that cybercriminals had accessed and “potentially exfiltrated files” containing patients’ health, financial, and personal information.

 

According to reports filed with state attorneys general, 360,934 individuals initially received data breach notifications, though the class plaintiffs say the total number actually exceeded 700,000 affected patients.

 

Medusind also did not send breach notification letters to affected patients until January 2025—more than a year after the cyberattack reportedly occurred. 

 

Medical Records and Personal Data Allegedly Compromised

According to the privacy lawsuit, the December 2023 cyberattack resulted in unauthorized access to the following patient information:

  • Names, physical addresses, email addresses, and telephone numbers.
  • Social Security numbers, taxpayer IDs, driver's license numbers, and passport numbers.
  • Health insurance policy numbers and claims/benefits information.
  • Medical histories, medical record numbers, and prescription details.
  • Payment information including debit/credit card numbers and bank account details.

 

Class attorneys also argued that the breach has affected class members differently.

 

Some patients had only basic contact information compromised, while others say they experienced a complete breach of their identity and medical privacy.

 

HIPAA violations and patient privacy rights

State and federal healthcare data protection laws require medical providers and their business associates to safeguard protected health information. 

 

According to the complaint, the Medusind cyber theft breached the Health Insurance Portability and Accountability Act of 1999 (HIPPA), as the exposed billing data created multiple risks.

  • Medical identity theft where criminals could use patient information for fraudulent healthcare services.
  • Financial fraud through compromised payment information.
  • Traditional identity theft using Social Security numbers and government IDs.
  • Privacy violations from exposed medical histories and prescription information.

 

Some victims discovered fraudulent activity on their accounts months after the initial breach and have since sought legal remedies to recover costs associated with protecting themselves from ongoing threats.

Settlement Class Member Eligibility Requirements

Medusind patients may participate in this settlement if they meet these criteria:

  • Reside in the United States (including territories).
  • Received a data breach notification letter from Medusind.
  • Breach notice indicated the cyberattack may have impacted the patient’s private information.

 

Medusind medical or dental patients who used the company’s revenue cycle management services during the breach period are not required to prove actual harm. Receiving a breach notification letter may be sufficient to establish eligibility.

 

The settlement agreement also establishes a California Subclass that includes class members who lived in the state on December 29, 2023. 

 

Proposed Compensation Structure for Eligible Members

1. Cash Payment A 

Eligible settlement class members who suffered financial harm can generally claim reimbursement for:

  • Costs to freeze or unfreeze credit reports with agencies.
  • Credit monitoring or identity protection services purchased after the breach.
  • Out-of-pocket expenses from fraudulent charges
  • Professional fees for accountants, attorneys, or identity restoration specialists.
  • Lost time at $25 per hour (up to 10 hours) dealing with breach consequences.
  • Miscellaneous costs like notary fees, postage, copying, and long-distance calls.

Documentation requirements include receipts, bank statements, credit card statements, police reports, IRS forms, or correspondence showing your losses. 

 

2. Cash Payment B 

Qualifying patients who prefer avoiding paperwork or didn't suffer documented losses may select this alternate cash payment option. 

 

The settlement allows for a $100 disbursement that requires no supporting documentation, provided that the claimant submits a valid claim form by the deadline.

 

Pro rata adjustments may increase or decrease this amount based on total claims filed. 

 

3. California Statutory Award 

California's privacy laws provide extra protection for residents. Class members who lived in California on December 29, 2023, may qualify for an estimated $100 statutory award above their chosen payment option.

 

This additional compensation recognizes California's stronger data protection standards. 

 

4. Two Years of Credit Monitoring Services

All class members can activate complimentary credit monitoring including:

  • Real-time alerts when someone uses your personal information.
  • Daily monitoring of credit files at all three bureaus.
  • Dark web surveillance for your exposed data.
  • $1 million identity theft insurance coverage.
  • Dedicated fraud resolution specialists.
  • Lost wallet assistance and identity restoration support.

 

The settlement provides complete coverage for 24 months at no cost to protect against ongoing identity theft risks.

 

How to Submit A Medusind Settlement Claim

 

Online claim 

  1. Visit MedusindDataIncidentSettlement.com.
  2. Click "File a Claim" and enter a unique ID and PIN.
  3. Choose a compensation option (documented losses or $100 flat payment).
  4. Upload documentation if claiming specific losses.
  5. Confirm contact information for payment delivery.
  6. Submit claim electronically.

 

Mail-in claim

Download the PDF claim form from the settlement website to submit a traditional mail claim. Print and complete all sections legibly in blue or black ink and attach copies (not originals) of supporting documentation.

 

Mail completed forms to: Medusind Data Incident Settlement Administrator PO Box 3236 Portland, OR 97208-3236

 

Patient members must postmark their mail in claims by December 29, 2025. The administrator recommends certified mail with tracking for important deadlines.

Important Deadlines for the Breach Settlement

  • December 14, 2025: Last day to exclude yourself from the settlement.
  • December 14, 2025: Deadline to file written objections.
  • December 29, 2025: Final day to submit claim forms (online or postmarked).
  • January 12, 2026: Final approval hearing at 11:00 a.m. in Miami
  • Spring 2026: Estimated payment distribution (75 days after final approval)

 

Missing the claim deadline likely means forfeiting all settlement benefits.

 

Verify Your Eligibility Status

Settlement notices contain unique IDs and PINs that confirm class membership.  

 

Medusind patients who lost or never received this notice may contact the settlement administrator at 1-888-885-6687 to verify status via your name and address or visit www.medusinddataincidentsettlement.com to check their eligibility online.


Frequently Asked Questions (FAQ)

You can still file a claim by calling the settlement administrator at 1-888-885-6687. They'll verify your eligibility using your name and address from their database of affected patients. You can also visit MedusindDataIncidentSettlement.com to check your status online and ask the administrator to resend your claim information.

 

No, you must choose between Cash Payment A (documented losses up to $5,000) or Cash Payment B ($100 flat payment). However, you can receive either payment option plus the two years of free credit monitoring, and California residents can claim the additional $100 statutory award with either option.

 

Qualifying losses include credit monitoring fees you've already paid, costs to freeze/unfreeze credit reports, unreimbursed fraudulent charges, professional fees for identity restoration, notary and mailing costs related to the breach, and up to 10 hours of lost time at $25 per hour spent dealing with breach consequences.

 

No lawyer is needed to submit your claim. The claims website alows individuals to complete claim forms independently, either online at MedusindDataIncidentSettlement.com or by mailing a simple form. The settlement administrator provides free assistance at 1-888-885-6687 if you have questions while filing.

This is an advertisement. OnlyClassActions is not a law firm or referral service, and we do not provide legal advice. OnlyClassActions provides a free service for individuals seeking legal representation, and we do not charge you to be connected with an attorney. We do not recommend or endorse any attorneys that pay to participate. OnlyClassActions utilizes a pool of attorneys in each jurisdiction, and attorneys are selected through a round-robin process without our evaluating your legal situation when selecting which attorney will receive your information. OnlyClassActions makes no representation about the quality of legal services or the qualifications of any attorney participating in our pool. Information you submit will be shared with third-party attorney(s). An attorney-client relationship is not formed when you submit information through the form. Hiring a lawyer is a critical decision and should not be predicated solely on comments, advertisements, or other content found on any website. You are under no obligation to retain a lawyer who contacts you through this service.

Add Comment