The Capital Health data breach settlement has been preliminarily approved for $4.5 million, and affected individuals now have until April 6, 2026 to file a claim for up to $5,000 in documented losses or roughly $100 as a flat cash payment with no paperwork required. The settlement resolves litigation stemming from a LockBit ransomware attack that knocked out Capital Health Systems’ IT infrastructure for more than two weeks in November 2023, exposing the personal and medical data of over 503,000 people. If you received a settlement notice in the mail, you are likely eligible — and the clock is ticking on several deadlines that will determine whether you get paid.
We will also walk through the claim filing process step by step, compare the tradeoffs between taking cash versus credit monitoring, and flag a few common pitfalls that could delay or disqualify your payment. Whether you lost money to identity theft after the breach or simply want your share of the settlement fund, here is what you need to know right now.
Table of Contents
- Who Is Eligible for the Capital Health Data Breach Settlement?
- What Are the Three Compensation Options and How Do They Compare?
- Key Deadlines That Could Make or Break Your Claim
- How to File Your Claim Step by Step
- Common Mistakes That Could Delay or Reduce Your Payment
- What the LockBit Ransomware Attack Actually Exposed
- What Happens After the Final Fairness Hearing
- Frequently Asked Questions
Who Is Eligible for the Capital Health Data Breach Settlement?
You are eligible for compensation if your private information was potentially compromised during the capital Health data breach that occurred between November 11 and November 26, 2023. This includes current and former patients, guarantors, and employees of Capital Health Systems, Inc. The breach exposed a wide range of sensitive data — names, addresses, dates of birth, Social Security numbers, email addresses, phone numbers, and clinical information. Capital Health reported the incident to federal regulators in January 2024, and affected individuals should have received a settlement notice containing a unique ID and PIN needed to file a claim.
One important detail: you do not need to prove that your data was actually misused to be eligible. The settlement covers anyone whose information was “potentially compromised,” which is a lower bar than proving you were a victim of identity theft. That said, if you did suffer concrete harm — fraudulent charges, unauthorized accounts opened in your name, time spent dealing with credit bureaus — you may be entitled to significantly more money under the documented losses option. If you never received a notice but believe you were a Capital Health patient during that period, it is worth visiting CapitalHealthDataBreachSettlement.com to check your eligibility or contact the settlement administrator directly.
What Are the Three Compensation Options and How Do They Compare?
The settlement offers class members three distinct choices, and picking the right one depends entirely on your situation. Cash Payment A covers documented, unreimbursed losses up to $5,000. This is for people who can show receipts, invoices, or bank statements proving they spent money because of the breach — things like paying for credit monitoring out of pocket, dealing with fraudulent charges, or losing wages while sorting out identity theft. You will need third-party documentation, so dig through your records before filing. Cash Payment B is the simpler route: an estimated $100 flat payment with no documentation required. This is designed for people who were affected but cannot easily quantify their losses.
The actual payout is pro-rata, meaning it depends on how many people file claims. If participation is low, you could receive more than $100; if a large share of the 503,000 class members file, it could be less. The third option is three years of one-bureau credit monitoring, which includes dark web scanning, public records monitoring, and identity theft insurance. At roughly $90 per year in retail value, that is about $270 worth of services — but only useful if you do not already have monitoring through another breach settlement or your bank. However, if you already enrolled in credit monitoring after receiving Capital Health’s initial breach notification, you may want to choose the cash payment instead of doubling up on a service you already have. Conversely, if your Social Security number was exposed and you have not set up any monitoring yet, the three-year coverage could be more valuable than a one-time $100 check.
Key Deadlines That Could Make or Break Your Claim
Three dates matter here, and missing any of them could cost you money. The first deadline is March 9, 2026 — that is the cutoff to either opt out of the settlement or file a formal objection. If you opt out, you preserve your right to sue Capital Health independently, but you give up any payment from this settlement. If you object, you stay in the class but tell the court you disagree with the terms. Most people will do neither and simply file a claim, but if you suffered substantial financial harm that exceeds $5,000, speaking with an attorney about opting out may be worth considering. The second and most critical deadline is April 6, 2026, which is the last day to submit your claim. No claim means no payment — the settlement administrator will not send you a check just because you are eligible. You have to actively file. The third date is July 14, 2026, when the court will hold a final fairness hearing to decide whether to grant final approval.
If the judge approves the settlement and no appeals follow, payments will be distributed afterward. Realistically, checks tend to arrive several months after final approval in cases like these, so do not expect money before late 2026 at the earliest. For context, the case — Bruce Graycar, et al. v. Capital Health Systems, Inc. — is being heard in the U.S. District Court for the District of New Jersey. Preliminary approval was granted on November 10, 2025. Capital Health denies any wrongdoing, and the settlement is not an admission of fault or liability.
How to File Your Claim Step by Step
Filing is straightforward if you have your settlement notice handy. Go to CapitalHealthDataBreachSettlement.com and enter the unique ID and PIN printed on your notice. The online form will walk you through selecting your compensation option and, if you choose Cash Payment A, uploading your supporting documentation. The entire process takes about ten minutes for the flat payment option and somewhat longer if you are submitting receipts for documented losses. If you prefer paper, you can download a PDF claim form from the settlement website and mail it to the settlement administrator. Mailed forms must be postmarked by April 6, 2026.
One practical tip: if you are filing for documented losses, make copies of everything you submit. Settlement administrators process thousands of claims, and having your own records protects you if something gets lost. Also photograph or scan your original settlement notice before filing — you may need that ID number again if you have questions about your claim status later. The tradeoff between online and mail filing is mostly about speed and confirmation. Online submissions give you an immediate confirmation number, while mailed forms leave you waiting and hoping. If you are close to the deadline, file online.
Common Mistakes That Could Delay or Reduce Your Payment
The most frequent issue in data breach settlements like this one is failing to file at all. Settlement administrators regularly report that a majority of eligible class members never submit claims, which is money left on the table. Do not assume a check will show up automatically — it will not. For those filing under Cash Payment A, the biggest pitfall is insufficient documentation. If you claim $3,000 in losses but only provide $800 worth of receipts, expect your payment to be reduced to match what you can prove.
The settlement requires third-party documentation — your own written statement about what happened is generally not enough on its own. Bank statements showing fraudulent transactions, invoices from credit monitoring services, or records of time spent on the phone with credit bureaus at a reasonable hourly rate are the kinds of evidence that hold up. Another limitation worth noting: payments will not be issued until after the final fairness hearing on July 14, 2026, and only if the court grants final approval and all appeals are exhausted. If someone objects and appeals the settlement, that timeline could stretch considerably. There is no way to speed this up, and the settlement administrator has no control over the court’s schedule.
What the LockBit Ransomware Attack Actually Exposed
The Capital Health breach was not a minor incident. LockBit, one of the most prolific ransomware operations in the world, hit Capital Health’s systems and caused a full IT outage lasting from November 11 through November 26, 2023. During that period, the health system — which operates hospitals and medical facilities in New Jersey — had to operate with significant technology disruptions. The data exposed went beyond the usual names and email addresses.
Social Security numbers, clinical information, and dates of birth were all potentially compromised, creating a serious and ongoing risk of identity theft and medical fraud. For someone whose clinical data was exposed, the concern extends beyond financial fraud. Medical identity theft — where someone uses your information to obtain healthcare services or prescription drugs — can corrupt your medical records in ways that are difficult to detect and dangerous to your health. This is one reason the credit monitoring option includes dark web scanning: stolen medical data often surfaces on underground marketplaces months or years after a breach.
What Happens After the Final Fairness Hearing
The July 14, 2026 hearing is where the judge will evaluate whether the $4.5 million settlement is fair, reasonable, and adequate for the class of over 503,000 affected individuals. If approved, the settlement administrator will begin processing payments. The timeline from final approval to checks arriving varies, but in comparable data breach settlements, it typically takes three to six months after approval — assuming no appeals.
If the settlement is not approved or faces significant objections, the parties may need to renegotiate or proceed to trial. This is relatively uncommon in cases that have already received preliminary approval, but it is not impossible. For now, the most productive thing you can do is file your claim before April 6, 2026, select the compensation option that best fits your situation, and then wait for the process to play out.
Frequently Asked Questions
Do I need a lawyer to file a claim in the Capital Health settlement?
No. The claim process is designed for individuals to complete on their own, either online or by mail. Class counsel already represents the class as a whole. However, if you suffered significant losses exceeding $5,000, you may want to consult an attorney about whether opting out and pursuing an individual claim makes sense.
What if I lost my settlement notice or never received one?
Visit CapitalHealthDataBreachSettlement.com and contact the settlement administrator to verify your eligibility. You may be able to get your unique ID and PIN reissued. If you were a Capital Health patient or employee during the breach period and believe you should be included, reach out before the filing deadline.
Can I file for both the cash payment and the credit monitoring?
The three options — documented losses, flat cash payment, and credit monitoring — are presented as separate choices. You select one. You cannot combine the flat $100 payment with credit monitoring, for example. If you are choosing between Cash Payment A (documented losses) and the other options, consider which reflects your actual situation.
When will I receive my payment?
Not before the final fairness hearing on July 14, 2026. After the court grants final approval — and assuming no appeals — the settlement administrator will process and mail payments. Based on similar settlements, expect checks to arrive in late 2026 or early 2027.
Is the $100 flat payment guaranteed?
The $100 figure is an estimate. The actual amount is calculated on a pro-rata basis from the settlement fund after attorney fees and administrative costs. If fewer people file claims, individual payments could be higher. If participation is heavy, they could be lower.
What if I already have credit monitoring from another data breach?
You can still choose the credit monitoring option, but it may not add much value if your existing service already covers the same features. In that case, the flat cash payment is probably the more practical choice.
You Might Also Like
- SiriusXM Settlement Update: Key Dates, Eligibility, And Next Steps
- How To File A Claim In The Capital Health Data Breach Settlement
- Capital Health Data Breach Settlement Deadline: What To Do Before April 6, 2026