Compassion Health Care Data Breach Settlement Resolves Class Action Over 2025 Cybersecurity Incident

Mar 8, 2026

Compassion Health Care has agreed to a class action settlement of up to $600,000 related to a cybersecurity incident identified on or around March 17, 2025 that involved unauthorized access to protected health information (PHI) of approximately 23,600 individuals.

Data Breach Incident And Exposed Information

Compassion Health Care is a medical practice located in Yanceyville, North Carolina. A cybersecurity incident was identified on or around March 17, 2025, and a forensic investigation determined that an unauthorized third party gained access to the organization’s systems.

The investigation determined that the unauthorized access may have allowed acquisition of PHI and personal information stored in the systems. The breached information potentially included names, addresses, phone numbers, birth dates or ages, Social Security numbers, driver’s license numbers, medical insurance details, claims data, and clinical or diagnostic data.

Compassion Health Care sent breach notification letters to the 23,600 affected individuals on or around May 16, 2025.

Class Action Litigation

The first class action lawsuit connected to the incident was filed on May 23, 2025. Two additional lawsuits followed. On July 2, 2025, the consolidated lawsuit was filed in the Caswell County Superior Court for the State of North Carolina under the case name Allin v. Compassion Health Care.

The litigation alleged that the cyberattack occurred as a result of a failure to implement reasonable and appropriate cybersecurity measures. A lack of HIPAA training for employees may also have been involved. The claims included breach of implied contract, negligence or negligence per se, unjust enrichment, and breach of confidence.

Settlement Terms

Following negotiations between the parties, a settlement agreement was reached, though there was no admission of liability or wrongdoing by the defendant. The court has already given preliminary approval of the finalized settlement.

The settlement established a funding cap of up to $600,000 to support the resolution of the litigation and associated costs. The settlement fund will pay for valid claims submitted by settlement class members, settlement administration costs, attorneys’ fees and expenses, and class representatives’ service awards.

Settlement class members may submit a claim for one of two cash payment options. Claimants with documented qualifying losses may request reimbursement up to $5,000 per individual. An alternate payment option provides a fixed cash payment of $40 for individuals without documented losses.

Claimants may also seek reimbursement for time spent responding to the incident. Up to four hours of lost time may be compensated at a rate of $25 per hour within the documented loss payment cap. Settlement class members may get medical data monitoring services. The settlement provides two years of credit monitoring that includes identity theft protection and monitoring services. (Source 1)

Settlement Participation Deadlines And Court Hearing

Settlement claim forms must be submitted by February 23, 2026 for CPT ID numbers under 20000. Claim forms must be submitted by May 4, 2026 for CPT ID numbers over 20000. Individuals who choose to exclude themselves from the settlement must submit exclusion requests by February 7, 2026 for CPT ID numbers under 20000 or by April 20, 2026 for CPT ID numbers over 20000. The final fairness hearing for the settlement is scheduled for May 18, 2026.

Ryan Coyne

Ryan Coyne is a results-driven leader in the healthcare compliance industry, specializing in regulatory compliance, compliance training, and assisting healthcare organizations and business associates in achieving and maintaining compliance. With a deep knowledge of healthcare regulations and a keen understanding of the challenges faced by the industry, Ryan has developed a reputation as a trusted advisor and advocate for ethical and compliant practices in healthcare. Ryan has successfully advised and guided numerous healthcare organizations, business associates, and healthcare professionals on achieving and maintaining compliance with regulatory training requirements. Ryan's professional focus is using his in-depth expertise and leading a world class team of subject matter experts at ComplianceJunction in regulatory compliance to help organisations navigate the complex landscape of ensuring staff adhere to healthcare regulations. You can connect with Ryan via LinkedIn and follow on Twitter
