Proliance Surgeons agreed to a proposed $4,450,000 class action settlement resolving litigation related to a February 2023 data security incident that exposed patient information and affected hundreds of thousands of individuals.
Data Security Incident and Litigation Background
The litigation arises from a data security incident associated with Proliance Surgeons, a HIPAA-certified surgical group headquartered in Seattle, Washington. The incident involved a ransomware attack that allowed unauthorized access to files stored on the organization’s network. Investigators later determined that certain files containing patient data were accessed and that a limited number of files were removed from the network on February 11, 2023.
A third-party forensic investigation confirmed on May 24, 2023 that files containing patient information had been accessed or acquired during the incident. A review of the potentially affected files identified information linked to patient records.
The compromised data included names and contact information. Additional information associated with some individuals included driver’s license numbers, Social Security numbers, financial information, treatment information, and usernames and passwords.
Proliance Surgeons notified affected individuals on November 21, 2023. Notifications were issued after an investigation and file review process to determine the scope of the breached information. Approximately 437,392 individuals are identified as members of the settlement class connected to the February 2023 data security incident.
Class Action Claims
Multiple plaintiffs filed legal claims related to the data security incident. In re: Proliance Surgeons Data Breach Litigation, plaintiffs alleged that the defendant was responsible for increasing the risk of identity theft associated with the exposure of private information in the incident. Claims asserted in the litigation include negligence, breach of implied contract, unjust enrichment, and violation of the Washington Consumer Protection Act.
The defendant denies the allegations and denies liability or wrongdoing in connection with the claims. The litigation proceeded as a class action, allowing individuals with similar claims connected to the incident to pursue relief within a single legal proceeding.
Settlement Terms
The proposed settlement creates a non-reversionary common fund of $4,450,000. The fund is designated to provide compensation and other benefits to individuals whose private information may be or actually compromised in the February 2023 data security incident.
The settlement provides several categories of benefits for eligible class members. Class members may submit claims for reimbursement of recorded out-of-pocket losses of up to $5,000 related to the security incident. Class members may submit claims for a cash payment of up to $599. Class members may request two years of medical identity theft protection and monitoring services through CyEx.
The settlement fund also covers notice and claims administration expenses. Attorneys’ fees, litigation expenses, and service awards for representative plaintiffs may also be paid from the fund if approved by the court.
Eligibility and Participation
United States residents who had their private information exposed in the February 2023 data security incident are included in the settlement class if they received a notice concerning the incident. Persons who are directors or officers of the defendant, certain affiliated entities, the assigned judge, court staff, and individuals who validly opt out of the settlement are excluded from the settlement class.
Class members must submit a claim form to receive settlement benefits. Claim forms may be submitted online or by mail by May 28, 2026. Requests for exclusion from the settlement must be mailed by April 28, 2026. Written objections to the settlement must also be mailed by April 28, 2026.
A Final Fairness Hearing is scheduled for June 26, 2026 in the King County Superior Courthouse in Kent, Washington. The court will review the settlement and determine whether the agreement is fair, reasonable, and adequate.
