The official website for the Capital Health data breach settlement is CapitalHealthDataBreachSettlement.com, and it is the only legitimate site where affected individuals can file a claim for their share of the $4.5 million class action settlement. You can verify this by visiting Capital Health’s own incident page at capitalhealth.org/information-technology-security-incident, which links directly to the settlement site, confirming its authenticity. If you received a notice in the mail with a unique Settlement ID, that notice will also list this same URL.
This settlement stems from a November 2023 ransomware attack by the LockBit group, which compromised the personal and medical data of 503,071 individuals connected to the New Jersey-based hospital network. Class members can claim up to $5,000 for documented losses, receive an estimated $100 flat cash payment, or opt for three years of credit monitoring. The claim filing deadline is April 6, 2026, so time is limited. This article walks through exactly how to confirm you are on the real settlement website, what red flags to watch for on fake sites, how the claims process works, what compensation options are available, and key deadlines you cannot afford to miss.
Table of Contents
- How Do You Verify the Official Capital Health Settlement Website Is Legitimate?
- What Data Was Stolen in the Capital Health Breach and Who Is Affected?
- What Compensation Can You Claim from the $4.5 Million Settlement?
- How to File Your Claim Before the April 2026 Deadline
- Common Scams and Red Flags Around Data Breach Settlements
- Why the LockBit Attack on Capital Health Was Unusual
- What Happens After the Final Fairness Hearing
- Frequently Asked Questions
How Do You Verify the Official Capital Health Settlement Website Is Legitimate?
The most reliable way to verify the capital Health settlement website is to trace it back to Capital Health itself. Go to capitalhealth.org, navigate to their information technology security incident page, and look for the link to the settlement site. When you click through, you should land on CapitalHealthDataBreachSettlement.com. That chain of trust, from the hospital network’s own domain to the settlement page, is the strongest confirmation you can get. No scam site can replicate that link from Capital Health’s official domain. You can also verify legitimacy by contacting the settlement administrator directly. The administrator can be reached by phone at [see official settlement website] or by mail at Capital Health Data Breach Litigation Settlement Administrator, PO Box 4008, Portland, OR 97208-4008. If you call that number and the representative confirms the same URL, you have a second independent verification.
The case itself, Bruce Graycar, et al. v. Capital Health Systems, Inc., Civil Action No. 3:23-CV-1418-L23234-MAS-JTQ, is a matter of public record, and court documents filed in the case will reference the same official settlement website. Compare this to what scam sites typically do. They often use slightly altered domain names, like adding extra words or using different top-level domains such as .net or .info. They may ask for sensitive information upfront before you even file a claim. The real settlement site requires your unique Settlement ID from your mailed notice to log in at capitalhealthdatabreachsettlement.com/Login. If a site does not ask for that specific ID, or asks for your full Social Security number on the landing page, walk away.
What Data Was Stolen in the Capital Health Breach and Who Is Affected?
Between November 11 and November 26, 2023, the LockBit ransomware group infiltrated Capital Health Systems’ network and exfiltrated approximately 7 terabytes of data. LockBit claimed the haul included over 10 million files. Unlike many ransomware attacks that encrypt files and lock organizations out of their own systems, this attack focused on data theft. The stolen information included names, addresses, phone numbers, email addresses, dates of birth, Social Security numbers, and medical information. Capital Health reported to the U.S. Department of Health and Human Services Office for Civil Rights that 503,071 individuals were affected.
If you were a patient, employee, or otherwise had your data in Capital Health’s systems during that window, you may be a class member. However, not everyone who has interacted with Capital Health is necessarily included. The class is defined by the settlement terms, and your eligibility is confirmed by whether you received a notice with a Settlement ID. If you believe you were affected but did not receive a notice, contact the settlement administratorsettlement administrator[contact via the official settlement website] to check your status. One important limitation to understand is that having your data stolen does not automatically mean it has been misused. But the settlement recognizes that the exposure itself creates real risk. Identity theft and medical fraud can surface months or even years after a breach, which is why the settlement includes a credit monitoring option spanning three full years.
What Compensation Can You Claim from the $4.5 Million Settlement?
The settlement offers three distinct compensation paths, and class members need to choose which one fits their situation. The first option allows you to claim up to $5,000 for documented, unreimbursed out-of-pocket losses that resulted from the data breach. This includes costs like credit monitoring services you already paid for, fees related to credit freezes or fraud alerts, unreimbursed charges from identity theft, and time spent dealing with fraud at a reasonable hourly rate. You will need receipts, bank statements, or other documentation to support these claims. The second option is a flat cash payment of approximately $100, distributed on a pro rata basis. This means the actual amount could be higher or lower depending on how many class members file valid claims.
If you suffered no direct financial loss but want compensation for the hassle and risk, this is the simpler route. No documentation is required beyond proving your class membership through your Settlement ID. The third option is three years of credit monitoring, which the settlement values at $90 per year. For someone who has never set up credit monitoring and whose Social Security number was exposed, this is arguably the most practical choice. Consider your circumstances carefully. If you already have credit monitoring through another breach settlement or your bank, the flat cash payment might make more sense. If you have documented losses exceeding $100, the reimbursement claim is the clear winner, though it requires more effort and paperwork.
How to File Your Claim Before the April 2026 Deadline
Filing a claim requires your unique Settlement ID, which was printed on the notice mailed to your last known address. Go to capitalhealthdatabreachsettlement.com/Login and enter that ID to access the claims portal. From there, you select your preferred compensation option and provide whatever documentation applies. For the reimbursement option of up to $5,000, upload or mail copies of your supporting documents. For the flat cash payment, the online form is straightforward and takes just a few minutes. If you prefer to file by mail, your claim form must be postmarked by April 6, 2026. Mail it to the settlement administrator at PO Box 4008, Portland, OR 97208-4008.
The tradeoff between online and mail filing is simple: online is faster, provides immediate confirmation, and lets you upload documents digitally. Mail is slower, gives you no instant confirmation, and risks postal delays. If you are filing close to the deadline, file online. There is one deadline that has already nearly passed. The objection and opt-out deadline is March 9, 2026. If you want to object to the settlement terms or exclude yourself from the class so you can pursue your own lawsuit, that window is essentially closed. For most people, filing a claim is the practical path forward. The final fairness hearing is scheduled for July 14, 2026, after which the court will decide whether to grant final approval and distribution can begin.
Common Scams and Red Flags Around Data Breach Settlements
Settlement scams follow predictable patterns. After a high-profile data breach, fraudulent websites pop up using domain names that look close to the real thing. They may send emails or texts claiming you are owed money and directing you to fake claim forms. Some charge upfront fees to “process” your claim, which no legitimate settlement ever does. Filing a claim with the Capital Health settlement is free. If anyone asks you to pay to file, it is a scam. Another common tactic is phone calls from people claiming to be from the settlement administrator.
They may ask for your Social Security number, bank account details, or other sensitive information over the phone. The real settlement administrator will never cold-call you and ask for your full Social Security number. If you receive such a call, hang up and call the official toll-freetoll-free[contact via the official settlement website] to verify. Be especially cautious of any communication that creates urgency, like claiming your claim will expire in 24 hours. The actual deadline is April 6, 2026, and the settlement administrator will not pressure you with artificial time constraints. One limitation worth noting is that even the official settlement cannot guarantee your data has not already been sold or used on the dark web. The compensation addresses financial losses and provides monitoring tools, but it cannot undo the breach itself. Remain vigilant about your credit reports and financial accounts regardless of whether you file a claim.
Why the LockBit Attack on Capital Health Was Unusual
The LockBit ransomware group’s attack on Capital Health stood out because the attackers chose to steal data rather than encrypt it. In a typical ransomware attack, files are locked and the organization cannot operate until it pays a ransom or restores from backups. Capital Health’s systems remained functional during and after the intrusion, but the attackers walked away with 7 terabytes of files.
This approach, sometimes called data extortion, puts the pressure on the organization by threatening to publish or sell stolen data rather than by disrupting operations. This distinction matters for affected individuals because it means the stolen data exists as complete files in the hands of criminals, not just as encrypted blobs on compromised servers. The risk of that data surfacing in identity theft schemes is real and ongoing, which is why the three-year credit monitoring component of the settlement is particularly relevant for this case.
What Happens After the Final Fairness Hearing
The final fairness hearing is set for July 14, 2026. At that hearing, the court will review any objections, evaluate the settlement terms, and decide whether to grant final approval. If approved, the settlement administrator will begin processing claims and distributing payments.
The timeline for actual checks or direct deposits reaching class members typically runs several months after final approval, depending on the volume of claims and any appeals. If the settlement is not approved or faces significant legal challenges, the process could be delayed further. However, given that the objection deadline has largely passed and the case has progressed through the standard settlement approval stages, final approval is the most likely outcome. Class members who have filed valid claims should expect to receive their compensation sometime in late 2026 or early 2027, though exact timelines are never guaranteed in class action settlements.
Frequently Asked Questions
How do I know if I am part of the Capital Health settlement class?
You should have received a mailed notice with a unique Settlement ID. If you did not receive one but believe your data was held by Capital Health during the November 2023 breach, call the settlement administratorsettlement administrator[contact via the official settlement website] to check your eligibility.
What is the deadline to file a claim?
The claim filing deadline is April 6, 2026. Claims can be filed online at CapitalHealthDataBreachSettlement.com or mailed to PO Box 4008, Portland, OR 97208-4008, postmarked by that date.
Can I claim both the cash payment and credit monitoring?
The settlement offers distinct claim options. Review the official claim form for details on which combinations are permitted, as the specific terms govern what you can select together.
How much will I actually receive from the flat cash payment?
The estimated amount is approximately $100, but the final number depends on how many class members file valid claims. The payment is distributed pro rata from the settlement fund, so fewer claimants means a larger individual payment.
What documentation do I need for the up-to-$5,000 reimbursement claim?
You need proof of unreimbursed, out-of-pocket expenses caused by the breach. This includes receipts for credit monitoring services, bank statements showing fraudulent charges, invoices for identity restoration services, or records of time spent addressing fraud-related issues.
Is there a cost to file a claim?
No. Filing a claim is completely free. If anyone asks you to pay a fee to submit your claim, it is a scam.
You Might Also Like
- SiriusXM Settlement: How To Verify The Official Settlement Website
- Step By Step: Filing The Capital Health Data Breach Settlement Claim Online
- Mail Vs Online Claims: Best Way To Submit The Capital Health Settlement Form