If you received a notice about the Capital Health data breach settlement, the most important thing you need to do is submit your claim form before the April 6, 2026 deadline. You have two options: claim up to $5,000 if you have documented losses from the breach, or claim an estimated $100 cash payment that requires no proof at all. Either way, you can also sign up for three years of free credit monitoring. The settlement website at capitalhealthdatabreachsettlement.com is where you file, and you will need the Unique ID and PIN printed on the notice you received in the mail.
This settlement resolves litigation stemming from a November 2023 ransomware attack on Capital Health Systems, a New Jersey hospital network operating Capital Health Regional Medical Center in Trenton and Capital Health Medical Center–Hopewell. The LockBit ransomware group accessed the system between November 11 and November 26, 2023, and claimed to have stolen 7 terabytes of data — over 10 million files — affecting 503,071 individuals. The total settlement fund is $4.5 million. This article walks through exactly what was compromised, how to decide between the two payment options, what deadlines you cannot miss, and what to watch out for when filing your claim.
Table of Contents
- What Should You Do Before the April 6, 2026 Capital Health Settlement Deadline?
- What Data Was Stolen in the Capital Health Breach and Who Is Affected?
- How the LockBit Ransomware Attack on Capital Health Unfolded
- How to Choose Between the $5,000 Documented Loss and $100 No-Proof Payment Options
- Common Mistakes and Pitfalls When Filing Your Capital Health Claim
- Why the Three Years of Credit Monitoring Matters
- What Happens After the Claim Deadline and Final Hearing
- Frequently Asked Questions
What Should You Do Before the April 6, 2026 Capital Health Settlement Deadline?
The single most important step is to visit capitalhealthdatabreachsettlement.com and submit your claim before April 6, 2026. You will need two pieces of information from the physical notice Capital Health mailed to affected individuals: your Unique ID and your PIN. Without these, the online portal will not let you proceed. If you received a notice but lost it or never got one, contact the settlement administrator listed on the website as soon as possible — do not wait until the last week of March to figure this out. Before you file, decide which payment option makes sense for your situation. Payment Option A covers documented, unreimbursed losses up to $5,000 per person — things like out-of-pocket costs from identity theft, fraud charges, credit monitoring you already paid for, credit freeze fees, mileage to deal with fraud-related errands, postage, and professional fees such as hiring an identity theft repair service.
Payment Option B is a flat cash payment estimated at around $100 that requires no documentation whatsoever. For example, if you spent $40 on a credit monitoring subscription and $15 on certified mail after the breach but have no other losses, Option B’s $100 estimate likely pays you more with zero paperwork. But if you dealt with actual identity theft and racked up $2,000 in professional fees and lost wages, Option A is clearly the better route. There is also an earlier deadline to be aware of. If you want to opt out of the settlement entirely — preserving your right to file your own lawsuit — or if you want to formally object to the settlement terms, that deadline is March 9, 2026. Most people will not need to do either of these things, but if you suffered substantial financial harm that exceeds $5,000, opting out to pursue individual litigation might be worth discussing with an attorney.
What Data Was Stolen in the Capital Health Breach and Who Is Affected?
The breach potentially exposed a wide range of personal and medical information. According to reports filed with the HHS Office for Civil Rights, the compromised data may include names, addresses, dates of birth, Social Security numbers, email addresses, phone numbers, and clinical or medical information. The word “potentially” matters here — not every affected person had every data type exposed. Some individuals may have only had basic contact information compromised, while others may have had their Social Security numbers and medical records accessed. The 503,071 affected individuals include current and former patients, guarantors (people who co-signed or guaranteed payment for a patient’s care), and Capital Health employees. If you fall into any of these categories and interacted with Capital Health’s New Jersey facilities, you may be part of the settlement class.
However, if you received care at a facility that merely shares a similar name but is not part of Capital Health Systems, Inc. in New Jersey, you are not covered by this settlement. Capital Health is a specific entity operating in the Trenton and Hopewell areas — this does not extend to unrelated healthcare providers elsewhere. The severity of your exposure matters when deciding how to respond. If your Social Security number was part of the compromised data, the risk of identity theft is meaningfully higher than if only your name and phone number were exposed. At minimum, everyone affected should claim the three years of free credit monitoring included in the settlement, regardless of which payment option they choose.
How the LockBit Ransomware Attack on Capital Health Unfolded
The LockBit ransomware group, one of the most prolific cybercriminal operations in recent years, gained unauthorized access to Capital Health’s network and maintained that access for roughly two weeks, from November 11 through November 26, 2023. During that window, the attackers moved through internal systems and exfiltrated what they claimed was 7 terabytes of data — a staggering volume that, for context, could contain millions of medical records, billing documents, employee files, and internal communications. Ransomware attacks on hospitals are particularly damaging because healthcare organizations store dense concentrations of sensitive personal data. A single patient record can contain a Social Security number, insurance details, medical diagnoses, prescription history, and payment information — everything needed to commit medical identity theft or financial fraud.
LockBit specifically targeted Capital Health knowing this, and the group publicly claimed responsibility for the attack as a pressure tactic to extract a ransom payment. For affected individuals, the practical concern is not the technical details of how LockBit breached the network but rather what the attackers did with the stolen data. Stolen healthcare data can surface on dark web marketplaces months or even years after the initial breach. This is why the settlement includes three years of credit monitoring rather than just one — the risk window for misuse of this data extends well beyond 2026.
How to Choose Between the $5,000 Documented Loss and $100 No-Proof Payment Options
Payment Option A allows claims up to $5,000 but requires you to submit documentation proving your losses. Eligible expenses include unreimbursed costs from identity theft or fraud directly traceable to the breach, money spent on credit monitoring services, credit freeze and unfreeze fees, mileage for trips to banks or government offices to resolve fraud, postage costs, and professional fees such as accountants or identity restoration services. You will need receipts, statements, or other records showing these expenses. If you claim $3,200 in losses, be prepared to show exactly how you arrived at that number. Payment Option B offers an estimated $100 per class member with no documentation required. The actual amount could go up or down depending on how many people file claims. If relatively few of the 503,071 affected individuals submit claims, the per-person amount could increase.
If a large number file, it could decrease. This uncertainty is a real tradeoff — you might receive slightly more or less than $100, and you will not know the exact figure until after the claims period closes and the settlement administrator tallies the numbers. Here is a practical way to think about it: add up every dollar you spent because of this breach. If that total is under $100, Option B almost certainly pays more for less effort. If your documented losses are between $100 and $200, it is a closer call — the hassle of gathering documentation for Option A may not be worth the marginal difference, especially if Option B’s final payout lands near $100. If your losses exceed $200, Option A starts to make more financial sense. And if you suffered serious identity theft with losses in the thousands, Option A is clearly the right choice. Regardless of which payment option you select, you can also claim the three years of credit monitoring on top of it.
Common Mistakes and Pitfalls When Filing Your Capital Health Claim
The most common reason claims get rejected in data breach settlements is missing or incorrect identification information. You must enter the exact Unique ID and PIN from your mailed notice. If you transpose a digit or mistype a letter, the system may not match you to the class member list. Double-check these numbers carefully before submitting. Another frequent issue involves the documentation for Option A claims. Submitting a vague statement like “I spent approximately $500 dealing with fraud” without supporting records will likely result in your claim being reduced or denied.
The settlement administrator reviews these submissions, and claims without proper backup documentation get flagged. If you are going with Option A, gather your bank statements showing fraudulent charges, receipts from credit monitoring services, screenshots of credit freeze fees, and any invoices from professionals you hired. The more specific and organized your documentation, the better your chances of receiving the full amount you claim. A subtler mistake is waiting until the last day. The April 6, 2026 deadline is firm, and if the settlement website experiences heavy traffic or technical difficulties near the deadline — which happens regularly in large settlements — you may not be able to submit in time. File at least a week before the deadline to give yourself a buffer. If you encounter technical issues, you will still have time to contact the settlement administrator for help.
Why the Three Years of Credit Monitoring Matters
Even if you are skeptical about the cash payment amounts, the credit monitoring benefit is worth claiming. Three years of credit monitoring, valued at roughly $90 per year, gives you alerts when someone tries to open new accounts in your name, when there are changes to your credit report, or when your personal information appears in known data breaches. Given that the Capital Health breach potentially exposed Social Security numbers and medical information, this monitoring serves as an early warning system if your data is misused down the line.
One important note: if you already pay for credit monitoring through another service, check whether the settlement’s offering provides additional coverage or features your current plan does not include. Some settlement credit monitoring packages include dark web surveillance or identity restoration services that go beyond basic credit alerts. Even if there is overlap, having a second monitoring service running costs you nothing and provides redundancy — if one service misses something, the other might catch it.
What Happens After the Claim Deadline and Final Hearing
After the April 6, 2026 claims deadline passes, the court has scheduled a final fairness hearing for July 14, 2026, where a judge will review the settlement terms, consider any objections filed before the March 9 deadline, and decide whether to grant final approval. If approved, the settlement administrator will process claims and distribute payments, though this typically takes several additional months. Do not expect a check in the mail the week after the hearing — most class action settlements take three to six months after final approval before payments go out.
This settlement is part of a broader pattern of healthcare organizations facing significant financial consequences for data breaches. The $4.5 million fund, while substantial, works out to less than $9 per affected person if every single class member filed a claim. The reality is that claim rates in data breach settlements typically run between 5 and 15 percent, which is why the per-person estimates are higher. If you are eligible, filing a claim is one of the few concrete ways to receive compensation for having your personal and medical data compromised — and it takes about ten minutes of your time.
Frequently Asked Questions
How do I know if I am part of the Capital Health data breach settlement?
If you received a notice in the mail with a Unique ID and PIN, you are a confirmed class member. The settlement covers patients, former patients, guarantors, and employees of Capital Health Systems in New Jersey whose data may have been compromised during the November 2023 breach affecting 503,071 individuals.
Can I claim both the cash payment and the credit monitoring?
Yes. You can select either Payment Option A (documented losses up to $5,000) or Payment Option B (estimated $100 with no proof), and you can also claim three years of free credit monitoring on top of whichever payment option you choose.
What if I lost my settlement notice or never received one?
Contact the settlement administrator through the official settlement website at capitalhealthdatabreachsettlement.com. They can verify your eligibility and provide your Unique ID and PIN. Do this well before the April 6, 2026 deadline so there is time to resolve any issues.
Will I definitely receive exactly $100 if I choose Option B?
Not necessarily. The $100 figure is an estimate. The actual amount may be adjusted up or down depending on how many valid claims are submitted. If fewer people file, the per-person amount could increase. If more people file than expected, it could decrease.
What is the difference between opting out and filing a claim?
Filing a claim means you accept the settlement terms and will receive payment from the $4.5 million fund. Opting out means you reject the settlement and preserve your right to sue Capital Health independently. The opt-out deadline is March 9, 2026, which is earlier than the claims deadline. Most people should file a claim unless they suffered losses substantially exceeding $5,000 and want to pursue individual litigation.
When will I actually receive my payment?
After the April 6, 2026 claims deadline, the court holds a final fairness hearing on July 14, 2026. If the settlement is approved, payments typically go out three to six months after that, meaning you could receive your check sometime in late 2026 or early 2027.