Rebound Orthopedics & Neurosurgery P.C. has agreed to pay $2.5 million to settle a class action lawsuit stemming from a February 2024 cyberattack that compromised the personal and medical data of 426,536 patients. If you were a patient of Rebound Orthopedics in Vancouver, Washington, you may be entitled to up to $5,000 in reimbursement for documented losses, or an estimated $75 cash payment — plus two years of free credit and medical data monitoring. Claims are open now and must be filed by May 28, 2026. The case, *Cooper, et al.
V. Rebound Orthopedics & Neurosurgery P.C.* (Case No. 25-2-00545-06), was filed in the Superior Court for Clark County, Washington. The breach knocked all of Rebound’s external computer systems offline, including patient portals and scheduling systems, exposing highly sensitive information like Social Security numbers, passport numbers, and medical records.
Table of Contents
- What Is the $2.5M Rebound Orthopedics Data Breach Settlement and Who Qualifies?
- What Compensation Can You Actually Get From This Settlement?
- Why the Rebound Orthopedics Breach Was Especially Dangerous
- How to File Your Claim Before the May 28, 2026 Deadline
- Common Pitfalls That Could Reduce or Void Your Claim
- What the CyEx Medical Shield Complete Monitoring Covers
- What Happens After the Final Approval Hearing
- Frequently Asked Questions
What Is the $2.5M Rebound Orthopedics Data Breach Settlement and Who Qualifies?
The $2.5 million settlement fund was established to compensate the roughly 426,536 individuals whose data was compromised during the February 2024 cyberattack on Rebound Orthopedics & Neurosurgery P.C. Class members include patients whose full names, dates of birth, Social Security numbers, driver’s license numbers, passport numbers, medical information, health insurance details, or financial account information were exposed. If you received a notice in the mail with a Unique ID and PIN, you are an identified class member. To put the scope in perspective, 426,536 affected patients makes this one of the larger healthcare data breaches to result in a class settlement in the Pacific Northwest.
Compare that to the typical hospital data breach, which affects tens of thousands — not hundreds of thousands. The breadth of data exposed here is also notable. This was not a case where only names and email addresses leaked. The compromised information included government-issued identification numbers, financial accounts, and detailed medical records, which creates layered risks for identity theft, insurance fraud, and medical identity theft.
What Compensation Can You Actually Get From This Settlement?
Class members have two compensation options. Option 1 allows reimbursement for documented, unreimbursed out-of-pocket expenses up to $5,000 per person. This covers costs like credit monitoring services you already paid for, bank fees from fraudulent transactions, costs related to freezing or unfreezing credit, and time spent dealing with identity theft issues tied to the breach. You will need receipts, statements, or other documentation to support these claims. Option 2 is a one-time pro rata cash payment, estimated at approximately $75 per class member. This figure could shift depending on how many valid claims are submitted.
If fewer people file, the per-person amount goes up. If the claims volume is high, it could decrease. However, if you have no documented losses but were still affected by the breach, Option 2 is your path to compensation without needing to gather paperwork. One important caveat: you cannot claim both reimbursement under Option 1 and the cash payment under Option 2 — you must choose one or the other. Regardless of which option you select, all class members are eligible for a two-year membership to CyEx Medical Shield Complete, a credit and medical data monitoring service. Given that the breach included medical records and health insurance information, this monitoring covers a gap that standard credit monitoring services typically miss.
Why the Rebound Orthopedics Breach Was Especially Dangerous
The February 2024 cyberattack did not just skim surface-level data. When Rebound’s external systems went offline, the attackers had access to a particularly toxic combination of personal, financial, and medical information. Social Security numbers alone can fuel identity theft for years, but when paired with dates of birth, driver’s license numbers, and passport numbers, the damage potential multiplies. Criminals can open new credit lines, file fraudulent tax returns, and even obtain government documents using this kind of data bundle.
Medical data adds another layer that many people overlook. Medical identity theft — where someone uses your health insurance information to receive treatment, fill prescriptions, or file false claims — can corrupt your medical records. Imagine showing up for surgery and your chart lists a blood type or allergy status that belongs to the person who stole your identity. According to multiple studies, medical identity theft is harder to detect and more expensive to resolve than financial identity theft, often costing victims over $13,000 on average to clean up. The fact that Rebound Orthopedics is a specialized practice handling orthopedic and neurosurgery patients also means the medical records at stake may include detailed surgical histories, imaging records, and treatment plans — the kind of information that is essentially impossible to change once exposed.
How to File Your Claim Before the May 28, 2026 Deadline
Filing a claim is straightforward. Visit the official settlement website at [rebounddatasettlement.com](https://rebounddatasettlement.com/) and log in using the Unique ID and PIN printed on your mailed notice. From there, you can select your compensation option, upload supporting documentation if you are filing under Option 1, and submit your claim electronically. If you prefer to file by mail, paper claim forms are also accepted, but they must be postmarked no later than May 28, 2026.
There is no advantage to filing online versus by mail in terms of priority — what matters is meeting the deadline. That said, online filing gives you immediate confirmation that your claim was received, while a mailed form relies on postmark proof and processing time. If you are filing for reimbursement under Option 1, the online portal is particularly helpful because you can upload digital copies of receipts and statements directly rather than mailing photocopies. If you lost your notice or cannot locate your Unique ID and PIN, check the FAQ page at [rebounddatasettlement.com/faq](https://rebounddatasettlement.com/faq/) for instructions on how to request replacement credentials. Do not wait until the last week of May to address this — processing replacement IDs takes time.
Common Pitfalls That Could Reduce or Void Your Claim
The biggest mistake people make with data breach settlements is filing under the reimbursement option without adequate documentation. If you choose Option 1 and claim $3,000 in losses but only have receipts for $400, your claim will likely be adjusted down — or flagged for review. Only claim amounts you can actually prove with bank statements, credit monitoring invoices, or other written records. Vague claims about “stress” or “time spent worrying” without specific, documented monetary losses will not be reimbursed under this settlement. Another common issue is missing the exclusion deadline. If you want to preserve your right to file your own individual lawsuit against Rebound Orthopedics — say, because your losses exceed $5,000 — you must opt out of the settlement by May 28, 2026.
Once the settlement receives final approval after the June 12, 2026 hearing, participating class members release their claims against Rebound. This is a real tradeoff: the settlement offers certainty and speed, but caps your recovery. An individual lawsuit could theoretically yield more, but it requires hiring an attorney, years of litigation, and carries no guarantee of a better outcome. You should also be aware that opting out and objecting are two different things. An objection means you stay in the class but want the court to change the settlement terms. An exclusion means you leave entirely.
What the CyEx Medical Shield Complete Monitoring Covers
The two-year CyEx Medical Shield Complete membership included for all class members goes beyond standard credit monitoring. It covers credit file monitoring across major bureaus, but also includes medical data monitoring — a feature specifically relevant to this breach since health insurance and medical records were compromised.
For example, if someone attempts to use your health insurance information at a pharmacy or medical office, the monitoring service can flag the activity. This is worth enrolling in even if you choose the cash payment option. Medical identity theft often surfaces months or years after the initial breach, and having an active monitoring service during that window gives you an early warning system you would otherwise lack.
What Happens After the Final Approval Hearing
The Final Approval Hearing is scheduled for June 12, 2026, in the Superior Court for Clark County, Washington. At that hearing, the judge will review the settlement terms, consider any objections filed by class members, and decide whether to grant final approval. Assuming the settlement is approved — and most class action settlements at this stage are — claim processing and payments typically follow within a few months.
Healthcare data breaches continue to increase in frequency and severity, and settlements like this one reflect a growing legal expectation that medical providers invest adequately in cybersecurity. For affected patients, the settlement does not undo the exposure, but it provides a concrete mechanism for compensation and monitoring. File your claim before May 28, 2026, and enroll in the monitoring service regardless of which payment option you choose.
Frequently Asked Questions
How do I know if I am part of the Rebound Orthopedics settlement class?
If you were a patient of Rebound Orthopedics & Neurosurgery P.C. and your data was compromised in the February 2024 breach, you should have received a notice by mail with a Unique ID and PIN. You can also check your eligibility at [rebounddatasettlement.com](https://rebounddatasettlement.com/).
Can I file a claim if I did not suffer any financial losses from the breach?
Yes. Option 2 provides an estimated $75 pro rata cash payment to class members regardless of whether they experienced documented financial losses. You are also eligible for two years of free credit and medical data monitoring.
What is the deadline to file a claim?
All claims must be submitted online or postmarked by mail no later than May 28, 2026.
Can I opt out and still receive settlement benefits?
No. If you exclude yourself from the settlement, you give up all benefits — including the cash payment, reimbursement, and monitoring service. Opting out preserves your right to file your own lawsuit, but you receive nothing from this settlement.
What if my losses from the breach exceed $5,000?
The settlement caps per-person reimbursement at $5,000. If your losses are significantly higher, you may want to consider opting out and pursuing an individual claim, though that carries its own costs and risks. The opt-out deadline is also May 28, 2026.
When will payments be sent out?
Payments will be distributed after the court grants final approval at the June 12, 2026 hearing and after all claims have been processed. This typically takes several months following final approval.
You Might Also Like
- Proof Required Or Not: What The Capital Health Data Breach Settlement Actually Needs
- Proof Required Or Not: What The 23andMe Customer Data Security Breach Settlement Actually Needs
- Is The Capital Health Data Breach Settlement Legit, And How Do You Check Eligibility