The Capital Health data breach settlement follows a specific timeline that every affected individual should know: the court granted preliminary approval on November 10, 2025, the deadline to file objections or request exclusion is March 9, 2026, claims must be filed by April 6, 2026, and the final fairness hearing is scheduled for July 14, 2026. Payments will be distributed after final approval and resolution of any appeals. The $4.5 million settlement resolves claims stemming from a November 2023 ransomware attack that compromised personal data belonging to more than 503,000 patients and employees.
For someone who received a settlement notice in the mail, understanding this timeline is the difference between collecting up to $5,000 in documented losses or missing out entirely. The claim filing deadline of April 6, 2026 is a hard cutoff, and there is no mechanism to submit a late claim once it passes. This article walks through each phase of the settlement process, explains what the payment options actually look like, breaks down the objection and exclusion procedures, and covers what to expect between now and the day checks arrive.
Table of Contents
- What Are the Key Dates in the Capital Health Settlement Timeline?
- How Much Can You Actually Get from the Capital Health Settlement?
- What Happened in the Capital Health Data Breach?
- How to File a Claim Before the April 2026 Deadline
- Objections and Exclusions — What to Know Before March 9, 2026
- What Happens at the Final Fairness Hearing on July 14, 2026?
- What to Expect After Final Approval
- Frequently Asked Questions
What Are the Key Dates in the Capital Health Settlement Timeline?
The settlement timeline spans roughly eight months from preliminary approval to the final hearing. After the court granted preliminary approval on November 10, 2025, the settlement administrator began mailing notices to the 503,071 individuals identified as class members. Those notices contain a unique ID and PIN that you need to file a claim, so if you received one, do not throw it away. The next critical date is March 9, 2026, which is the deadline both for objecting to the settlement terms and for requesting exclusion from the class. Following the exclusion and objection window, class members have until April 6, 2026 to submit their claims.
This can be done online at capitalhealthdatabreachsettlement.com using the credentials from the mailed notice, or by downloading and mailing a paper claim form. The final fairness hearing is set for July 14, 2026, at which point the judge will consider any objections, evaluate the settlement terms, and decide whether to grant final approval. Actual payment distribution happens only after that approval, and if anyone appeals, it could add months or even a year to the process. One comparison worth noting: in many data breach settlements, the gap between preliminary approval and the claim deadline is only 60 to 90 days. Here, class members get nearly five months, which is relatively generous. That said, waiting until the last week to file is risky because website outages and mailing delays can easily push you past the deadline.
How Much Can You Actually Get from the Capital Health Settlement?
Class members have two cash payment options, and they are mutually exclusive. Payment Option A covers documented, unreimbursed losses related to the data breach, with a cap of $5,000 per person. This includes costs like identity theft remediation, fees for credit freezes, charges from fraudulent transactions that were not reimbursed by your bank, and time spent dealing with the fallout. Payment Option B is a flat pro rata cash payment estimated at roughly $100 for anyone who does not submit documentation of specific losses. The $100 estimate for Option B is just that, an estimate. Pro rata means the available funds are divided among everyone who files a valid claim.
If a large number of the 503,071 class members file for Option B, that per-person amount drops. In some data breach settlements, the pro rata payment has ended up in the single digits when participation was high. However, data breach settlement claim rates are historically low, often in the 5 to 15 percent range, so $100 is a plausible projection. In addition to whichever cash option you choose, all class members can receive three years of free one-bureau credit monitoring. The monitoring package includes dark web scanning, public records monitoring, and identity theft insurance, valued at approximately $90 per year. If you already pay for credit monitoring through another service, this could save you roughly $270 over the three-year period. One limitation to keep in mind: this is one-bureau monitoring, not three-bureau, so it will not catch fraudulent activity reported only to the bureaus it does not cover.
What Happened in the Capital Health Data Breach?
Capital Health Systems experienced an IT systems outage that ran from November 11 through November 26, 2023. During that period, an unauthorized third party accessed files containing private information belonging to patients and employees. The LockBit ransomware group later claimed responsibility, stating it had exfiltrated 7 terabytes of data. The group threatened to publish the stolen data on January 9, 2024 if Capital Health did not pay a ransom. The breach affected 503,071 individuals according to Capital Health’s filing with the U.S. Department of Health and Human Services Office for Civil Rights.
That number includes both patients of Capital Health facilities and employees whose personnel records were stored on the compromised systems. The first lawsuit was filed on December 19, 2023, less than a month after the outage began, and additional lawsuits followed before the cases were consolidated into *In re: Capital Health Data Breach Litigation*. For context, the LockBit group was one of the most prolific ransomware operations globally at the time of this attack. When a ransomware group exfiltrates data before encrypting systems, the risk to individuals is not theoretical. That stolen data can be sold on dark web marketplaces, used for targeted phishing, or leveraged for identity theft. This is exactly why the settlement includes credit monitoring as a baseline benefit for every class member, not just those who can prove they have already been harmed.
How to File a Claim Before the April 2026 Deadline
Filing a claim requires either the unique ID and PIN printed on your settlement notice or enough identifying information for the administrator to locate you in the class member database. The fastest route is filing online at capitalhealthdatabreachsettlement.com. If you prefer paper, you can download a PDF claim form from the same website or request one by mail from the settlement administrator. If you are choosing Payment Option A for documented losses, you need to gather supporting evidence before you start the claim. This means bank or credit card statements showing fraudulent charges, receipts for credit monitoring services you purchased, records of time spent on the phone with banks or credit bureaus, and any correspondence related to identity theft.
The $5,000 cap is per person, not per incident, so compile everything into a single claim. By contrast, Payment Option B requires minimal documentation since you are simply attesting that you were affected and want the flat payment. The tradeoff between the two options is straightforward but worth thinking through. If you spent $150 on a credit monitoring subscription after the breach and had a $300 fraudulent charge your bank did not fully reimburse, Option A nets you $450, far more than the estimated $100 from Option B. But if your only real cost was the inconvenience of changing passwords and monitoring your accounts, Option B gives you a guaranteed payment without the hassle of collecting documentation. Either way, you also get the three years of credit monitoring.
Objections and Exclusions — What to Know Before March 9, 2026
The March 9, 2026 deadline applies to two distinct actions, and confusing them can cause problems. Filing an objection means you remain in the settlement class but want to tell the court why you believe the terms are inadequate. Requesting exclusion means you opt out of the class entirely, giving up your right to any payment but preserving your right to file your own individual lawsuit against Capital Health. These are opposite strategies, and you cannot do both. Objections must typically be filed in writing with the court and served on the attorneys for both sides.
If the judge finds the objections persuasive at the July 14 final fairness hearing, the settlement could be modified or, in rare cases, rejected. However, in practice, most data breach settlements survive objections and receive final approval. The $4.5 million fund, while not enormous divided among half a million people, is within the range courts have found reasonable for healthcare data breaches of this scale. One warning: if you request exclusion thinking you will file a bigger individual lawsuit, understand that individual data breach cases are extremely difficult to win unless you can prove concrete financial harm directly traceable to this specific breach. Most plaintiffs’ attorneys will not take an individual case on contingency when the potential recovery is modest. For the vast majority of class members, staying in the settlement and filing a claim is the practical choice.
What Happens at the Final Fairness Hearing on July 14, 2026?
At the final fairness hearing, the judge reviews the settlement terms, considers any objections filed by class members, and hears arguments from both the plaintiffs’ attorneys and Capital Health’s legal team. The court evaluates whether the settlement is fair, reasonable, and adequate given the facts of the case, the risks of continued litigation, and the benefits to the class. For example, the judge will weigh the $4.5 million fund against the likelihood that plaintiffs would recover more at trial, which is never guaranteed in data breach cases given evolving legal standards around standing and damages.
If the judge grants final approval, the settlement becomes binding on all class members who did not opt out. The settlement administrator then processes claims, verifies documentation for Option A filers, and calculates the pro rata amounts for Option B. Payment distribution typically begins 30 to 60 days after final approval, assuming no appeals. If a class member or other party files an appeal, the entire payment process is frozen until the appellate court resolves the matter, which can take a year or longer.
What to Expect After Final Approval
Assuming the settlement receives final approval in July 2026 and no appeals are filed, checks should arrive in late 2026 or early 2027. The settlement administrator will mail payments to the addresses on file, so if you move between now and then, updating your address with the administrator is essential to avoid delays. The official settlement website will post updates on the payment schedule as the process moves forward.
Looking ahead, the Capital Health settlement is part of a broader wave of healthcare data breach litigation that shows no signs of slowing down. The healthcare sector remains one of the most targeted industries for ransomware attacks, and courts are increasingly willing to certify settlement classes in these cases. For the 503,071 people affected by this particular breach, the immediate next step is clear: file a claim before April 6, 2026, and make sure you are set up to receive what you are owed.
Frequently Asked Questions
How do I know if I am part of the Capital Health settlement class?
If you received a notice in the mail with a unique ID and PIN, you are a confirmed class member. The class includes the 503,071 patients and employees whose data was compromised during the November 2023 breach. If you believe you should be included but did not receive a notice, visit capitalhealthdatabreachsettlement.com for instructions.
Can I file a claim for both Payment Option A and Payment Option B?
No. The two cash payment options are mutually exclusive. You choose either Option A for documented losses up to $5,000 or Option B for the estimated $100 flat payment. However, all class members receive three years of credit monitoring regardless of which cash option they select.
What qualifies as a documented loss under Payment Option A?
Documented losses include unreimbursed costs directly related to the data breach, such as identity theft expenses, bank fees from fraudulent transactions, the cost of credit monitoring services purchased after the breach, and out-of-pocket expenses for credit freezes or fraud alerts. You will need receipts, statements, or other proof.
What happens if I do nothing and miss the April 6, 2026 claim deadline?
If you do not file a claim or request exclusion, you remain a class member bound by the settlement terms but receive no cash payment and no credit monitoring. You also give up your right to sue Capital Health individually over this breach.
Will the $100 flat payment amount change?
Yes, it could. The $100 figure is an estimate based on projected claim rates. If more people file claims, the per-person amount decreases. If fewer people file, it could increase. The final amount will not be calculated until after the claim deadline passes.
How long after the final hearing will payments be sent?
If the court grants final approval on July 14, 2026 and no appeals are filed, payments typically begin within 30 to 60 days. Appeals can delay distribution by a year or more.