The Capital Health Data Breach Class Action Settlement offers up to $4.5 million in total compensation to roughly 503,071 individuals whose personal data was exposed during a November 2023 cyberattack. If you received a notice, you can file a claim form by April 6, 2026, either online at CapitalHealthDataBreachSettlement.com or by mail, choosing between documented losses of up to $5,000 or a flat estimated payment of $100 with no documentation required. Every class member also gets three years of credit monitoring regardless of which payment option they select.
For example, if you were a Capital Health patient who discovered fraudulent charges on your credit card after the breach and spent money on credit monitoring services, you could file under the documented losses path and recover those out-of-pocket costs. Someone who simply had their data exposed but hasn’t seen direct financial harm can still claim the alternative flat payment. This article walks through the specific claim form options, what documentation you need, key deadlines you cannot afford to miss, and practical steps to maximize your recovery from this settlement.
Table of Contents
- What Does the Capital Health Data Breach Settlement Cover and Who Can File a Claim?
- Documented Losses vs. Flat Payment: Understanding Your Two Claim Options
- What Documentation Do You Actually Need for a Maximum Payout?
- How to File Your Claim Before the April 2026 Deadline
- Common Mistakes That Can Get Your Claim Denied
- Three Years of Free Credit Monitoring for All Class Members
- What Happens After Final Approval and What to Expect Going Forward
- Frequently Asked Questions
What Does the Capital Health Data Breach Settlement Cover and Who Can File a Claim?
The settlement resolves a class action lawsuit stemming from an IT systems outage that hit capital Health Systems from November 11 through November 26, 2023. During that period, an unauthorized third party accessed files containing sensitive personal information including names, addresses, phone numbers, email addresses, dates of birth, Social Security numbers, and medical information. The LockBit ransomware group later claimed responsibility for the attack, stating it had exfiltrated roughly 7 terabytes of data from the health system’s networks. The settlement class includes patients, former patients, guarantors, and employees of Capital Health Systems whose information was compromised. If you received a settlement notice in the mail or by email, you are almost certainly a class member.
The breach was reported to the U.S. Department of Health and Human Services Office for Civil Rights as affecting 503,071 individuals, making it one of the larger healthcare data breaches in recent years. Preliminary court approval was granted on November 10, 2025, and the case is now moving toward a final approval hearing scheduled for July 14, 2026. It is worth noting that this settlement covers the data breach itself, not any separate medical malpractice or service disruption claims. If the systems outage caused you to miss a medical appointment or delayed your treatment, those issues fall outside the scope of this particular class action.
Documented Losses vs. Flat Payment: Understanding Your Two Claim Options
The claim form presents two distinct compensation paths, and choosing the right one depends entirely on whether you can prove financial harm tied to the breach. Cash Payment A covers documented, unreimbursed losses up to $5,000 per class member. This includes costs related to identity theft or fraud, credit monitoring services you purchased on your own, fees for freezing and unfreezing your credit, and miscellaneous expenses like mileage to the bank or postage for fraud dispute letters. You must provide supporting documentation such as receipts, account statements, fraud notices, or other third-party records. Cash Payment B is the alternative for class members who do not have documentation of specific financial losses. This option provides an estimated flat payment of $100 with no paperwork beyond the claim form itself.
The actual amount could be adjusted up or down depending on how many people file claims against the $4.5 million fund. However, if you try to submit Cash Payment A with only self-prepared documentation, your claim will likely run into problems. The settlement terms explicitly state that handwritten receipts and personal affidavits are not sufficient on their own. You need third-party records to back up your claimed losses. If you spent $40 on a credit monitoring subscription, you need the receipt or bank statement showing that charge. If you cannot locate that documentation, you are better off filing under Payment B rather than submitting a weak Payment A claim that could be denied entirely.
What Documentation Do You Actually Need for a Maximum Payout?
Building a strong documented loss claim requires gathering records that tie your expenses directly to the Capital Health breach. Start with any fraud alerts or identity theft reports you filed with the FTC, your bank, or local law enforcement after November 2023. These establish a timeline connecting the breach to your losses. Next, pull bank or credit card statements showing unauthorized transactions, charges for credit monitoring services, or fees for credit freezes. For example, say you discovered in January 2024 that someone opened a phone account in your name using information exposed in the breach.
Your documentation package might include the fraud notification from the carrier, a police report, the FTC Identity Theft Report you filed, bank statements showing any overdraft fees caused by the fraudulent activity, and receipts for a credit monitoring service you purchased. Mileage to visit your bank branch in person or postage for mailing dispute letters also qualifies, though the amounts are small. Keep in mind that expenses already reimbursed by your bank, insurer, or another source cannot be claimed again here. The settlement covers unreimbursed losses only. If your bank reversed fraudulent charges in full, those charges do not count toward your $5,000 cap, even though the fraud was real and inconvenient.
How to File Your Claim Before the April 2026 Deadline
You have two filing methods available: submit online through the official settlement website at CapitalHealthDataBreachSettlement.com or mail a paper claim form. The deadline is April 6, 2026, and for mailed claims, the form must be postmarked by that date. Online filing is generally faster and gives you confirmation that your submission went through. Paper forms carry the risk of postal delays and provide no immediate proof of receipt unless you send them via certified mail. If you are filing for documented losses, the online portal typically lets you upload scanned copies of your supporting documents.
This is significantly more convenient than photocopying everything and mailing a thick envelope. On the other hand, if you are filing the flat $100 alternative payment, the form is straightforward enough that either method works fine. The tradeoff is really about reliability: online submission gives you a timestamp and confirmation number, while mail requires you to trust the postal service and the claims administrator’s processing. One important detail that catches people off guard: payments will not be distributed until after the court grants final approval and any appeals are resolved. The final approval hearing is set for July 14, 2026, but if objectors appeal the settlement, distribution could be delayed by months or even longer. Filing early does not get you paid faster, but it does ensure your claim is in the system well before the deadline.
Common Mistakes That Can Get Your Claim Denied
The most frequent error in data breach settlements like this one is submitting a documented loss claim without adequate proof. Filing under Payment A with a handwritten list of expenses and no bank statements or receipts is essentially asking for a denial. If your documentation is thin, seriously consider whether the flat $100 payment is the safer route. A denied Payment A claim does not automatically convert to a Payment B claim, so you could end up with nothing if you overreach. Another common pitfall is missing the deadline entirely. April 6, 2026, is a hard cutoff. There is no late filing period, and claims administrators rarely grant extensions for individual filers.
If you are mailing your form, do not wait until the first week of April. Postal delays, especially around holidays, can push your postmark past the deadline. Set a reminder for mid-March to give yourself a comfortable buffer. Finally, watch out for scam notices and phishing emails that mimic settlement communications. The only legitimate website for this settlement is CapitalHealthDataBreachSettlement.com. Any email directing you to a different URL, asking for your bank login credentials, or requesting an upfront payment to “process your claim” is fraudulent. Legitimate class action settlements never charge filing fees.
Three Years of Free Credit Monitoring for All Class Members
Regardless of which payment option you choose, every class member is entitled to three years of credit monitoring at no cost. This is separate from the cash compensation and does not reduce your payment. The credit monitoring service will alert you to new accounts opened in your name, changes to your credit report, and other suspicious activity tied to your personal information.
Given that the breach exposed Social Security numbers and medical information, the risk of identity theft extends well beyond the typical window for credit card fraud. Medical identity theft in particular can take years to surface. Someone could use your information to obtain medical services, file insurance claims, or even get prescription drugs, and you might not find out until a collections agency contacts you or your insurance denies a legitimate claim due to conflicting records. Three years of monitoring provides a reasonable safety net, but you should remain vigilant even after it expires.
What Happens After Final Approval and What to Expect Going Forward
The final approval hearing on July 14, 2026, is the last major milestone before payments can be distributed. If the court approves the settlement without objections, checks or electronic payments should follow within a few months. If objections are filed and appealed, the timeline stretches unpredictably. In similar healthcare data breach settlements, the gap between final approval and payment has ranged from two months to over a year.
This settlement also reflects a broader pattern in healthcare cybersecurity litigation. Hospitals and health systems have become prime targets for ransomware groups, and the financial consequences are growing. The $4.5 million fund here is significant, but as breach sizes and regulatory scrutiny increase, future settlements could be substantially larger. If you are a Capital Health class member, filing your claim now is the single most important step you can take to secure your share of this resolution.
Frequently Asked Questions
How much money will I receive from the Capital Health data breach settlement?
It depends on which option you choose. Payment A offers up to $5,000 for documented out-of-pocket losses. Payment B provides an estimated $100 flat payment with no documentation required. The actual Payment B amount could change depending on how many claims are filed against the $4.5 million fund.
What is the deadline to file a claim in the Capital Health settlement?
The claim form must be submitted online or postmarked by April 6, 2026. There is also a March 9, 2026 deadline if you want to object to or opt out of the settlement instead of filing a claim.
Can I file a claim if I was an employee of Capital Health, not a patient?
Yes. The settlement class includes patients, former patients, guarantors, and employees of Capital Health Systems whose information was affected by the breach.
What kind of proof do I need for the documented losses claim?
You need third-party records such as receipts, bank or credit card statements, fraud notices, or account statements. Self-prepared documents like handwritten receipts or personal affidavits are not sufficient on their own.
When will settlement payments be sent out?
Payments will be distributed only after the court grants final approval at the hearing scheduled for July 14, 2026, and after any appeals are resolved. This means payments could arrive in late 2026 or later if there are objections.
Do I have to choose between the cash payment and credit monitoring?
No. All class members receive three years of free credit monitoring regardless of whether they file for Payment A or Payment B. The credit monitoring is in addition to any cash compensation.