Norton Healthcare is distributing an $11 million settlement to compensate affected individuals from a 2023 ransomware attack by the Alphv/BlackCat gang that exposed personal data for approximately 2.5 million people. Class members can receive compensation ranging from $5 to $80 for lost time and documented out-of-pocket expenses up to $2,500, plus three years of medical monitoring services.
If you received a breach notification letter from Norton Healthcare regarding the 2023 incident, you likely qualify for compensation. With a claim deadline of May 18, 2026, timing matters for securing your portion of the settlement.
Table of Contents
- What Was The Norton Healthcare Data Breach?
- Understanding The $11 Million Settlement And Compensation Structure
- Who Is Eligible To Claim From This Settlement?
- How To File A Claim And Submit Documentation
- Understanding The Critical Deadlines You Cannot Miss
- Medical Identity Theft Monitoring—Your Three-Year Protection
- Broader Implications For Healthcare Data Security
What Was The Norton Healthcare Data Breach?
In 2023, Norton Healthcare, a major healthcare system operating nine hospitals and 480 care facilities across Kentucky and Indiana, fell victim to a ransomware attack by the Alphv/BlackCat gang. The cybercriminals gained unauthorized access to the organization’s systems and extracted sensitive personal information affecting approximately 2.5 million individuals. This wasn’t a isolated breach of a single database—it compromised patient records across multiple Norton Healthcare locations, exposing data on a massive scale. The compromised data included highly sensitive information: Social Security numbers, physical addresses, phone numbers, email addresses, and driver’s license numbers.
For healthcare patients, this combination of data is particularly dangerous because it enables identity theft, fraudulent insurance claims, and targeted phishing attacks. The attackers had access to complete identifying profiles, making victims vulnerable not just to immediate fraud but to months or years of identity theft attempts. Norton Healthcare notified affected individuals and filed a notice with the Maine Attorney General, which triggered the class action lawsuit. The breach represents exactly the kind of sophisticated cyber attack that healthcare organizations struggle to prevent, despite significant investments in security infrastructure.
Understanding The $11 Million Settlement And Compensation Structure
The settlement totals $11 million in direct compensation to class members, a decision reached through the class action lawsuit against Norton Healthcare. This fund is divided among three types of compensation: baseline awards for lost time, reimbursement for documented expenses, and medical monitoring services. The structure recognizes that breach victims suffer both immediate costs and long-term risk. For lost time—the hours spent addressing the breach—eligible class members receive a minimum of $5 and a maximum of $80 per person. However, if you have documented out-of-pocket losses directly caused by the breach, you can receive up to $2,500 in reimbursement.
This means someone who spent significant time monitoring their credit reports, paying for credit monitoring services, or dealing with identity theft attempts can recover actual documented costs. The key word is “documented”—you’ll need receipts, statements, or credit reports showing the direct connection to the breach. Beyond cash compensation, Norton Healthcare is funding three years of medical identity theft monitoring services for affected individuals. This is particularly valuable in healthcare breaches where criminals might use stolen information to obtain prescriptions or fraudulent treatment under someone else’s identity. The monitoring service provides early warning if someone attempts to misuse your medical information.
Who Is Eligible To Claim From This Settlement?
You’re eligible if you received a breach notification letter from Norton Healthcare regarding the 2023 ransomware attack or if your personal information was in Norton Healthcare’s systems during the breach. The definition is intentionally broad—the lawsuit sought to include all individuals whose data was accessed, not just those who discovered fraudulent activity. You don’t need to prove you were harmed; simply being in the affected population qualifies you for compensation. If you lived or received healthcare services at any of Norton Healthcare’s nine hospitals or 480 care facilities in Kentucky and Indiana during the time of the breach, or if you interacted with Norton Healthcare in any capacity and provided personal information, check whether you received official notification.
However, one important limitation exists: if you’ve already settled a separate claim with Norton Healthcare or waived your rights to pursue damages, you may be barred from this class action settlement. Review any prior settlement agreements carefully before filing. The class includes not just patients but anyone whose information was in Norton Healthcare’s systems—employees, vendors, or individuals who had contact with the organization. This expansive eligibility means most people affected by the breach can participate.
How To File A Claim And Submit Documentation
Filing a claim requires submitting a claim form to the settlement administrator at the official settlement website, nortondataincidentsettlement.com. The online process guides you through providing your name, contact information, and claim category. For basic lost-time compensation ($5-$80), you typically only need to confirm your identity as an affected individual; no additional documentation is required. If you’re claiming documented out-of-pocket losses up to $2,500, you’ll need to provide supporting documentation: credit card statements showing expenses for credit monitoring services, receipts for identity theft recovery services, medical bills from identity theft attempts, or bank statements showing fraudulent charges. The settlement requires contemporaneous records—documents created around the time of the loss rather than reconstructed later.
Keep all original receipts and statements organized. For example, if you paid $150 for credit monitoring services following the breach, submit your credit card statement showing the charge and any invoice from the monitoring company. The settlement administrator reviews these documents and determines reimbursement amounts. Electronic filing through the website is the fastest method, but paper claims are also accepted if you prefer mailing documentation directly to the claims administrator. Either way, ensure you meet the May 18, 2026 deadline, which is absolute.
Understanding The Critical Deadlines You Cannot Miss
The claim filing deadline is May 18, 2026 at 11:59 p.m.—this is the absolute final moment to submit your claim to receive compensation. After this date, the claims window closes permanently, and no late claims are accepted regardless of circumstances. With today’s date in March 2026, you have roughly two months to gather any documentation and file. This is not an extended deadline; it arrives quickly. Before the claims deadline, there are intermediate deadlines affecting other aspects of the settlement. The opt-out and objection deadline was April 20, 2026, meaning if you wanted to exclude yourself from the settlement or legally challenge it, that window has passed.
The Final Approval Hearing occurs on May 15, 2026 at 10:00 a.m. ET in Jefferson Circuit Court in Louisville, Kentucky, where the judge evaluates whether the settlement adequately compensates the class. This hearing is public, though most class members don’t attend. The lesson here is straightforward: don’t delay filing your claim. The moment you receive notification of this settlement, begin gathering your documentation and file online immediately. Waiting until April or May invites the risk of missing the deadline through technical problems, lost documents, or simple procrastination.
Medical Identity Theft Monitoring—Your Three-Year Protection
Three years of medical identity theft monitoring is included in every settlement award, even if you don’t claim cash compensation. This service monitors medical databases, credit reports, and other sources for unauthorized use of your identity in healthcare contexts. For a healthcare breach specifically, this protection matters because criminals might use your SSN and personal information to obtain prescriptions, receive treatment at other hospitals, or file insurance claims in your name.
The monitoring service typically includes credit report monitoring, SSN tracking, dark web monitoring, and alerts when suspicious activity occurs. Many settlement administrators bundle this with major credit bureaus’ monitoring services, giving you multi-year protection without cost. You’ll enroll in the service when you file your claim, and coverage begins immediately. Unlike opt-in medical monitoring programs that many hospitals offer, this settlement-mandated monitoring is automatic and free for three years.
Broader Implications For Healthcare Data Security
The Norton Healthcare breach and resulting settlement highlight the vulnerability of healthcare organizations to sophisticated ransomware gangs, particularly the Alphv/BlackCat group, which has targeted healthcare providers repeatedly. Despite healthcare organizations’ significant compliance investments in HIPAA and data security protocols, determined attackers continue to gain access and extract patient data. This breach involved a major regional health system with institutional resources, yet the attack succeeded completely.
For consumers, the lesson is that no healthcare organization has eliminated breach risk entirely. What matters is response: whether they notify you promptly, cooperate with law enforcement, and compensate affected individuals. Norton Healthcare’s $11 million settlement demonstrates financial accountability, though no settlement fully compensates the years of identity theft risk and monitoring burden that breach victims face. For your own protection, monitor your healthcare records and credit reports regularly, place fraud alerts on your credit files, and take advantage of the settlement’s medical monitoring services.