If you were a patient, employee, or guarantor of Capital Health Systems and received a notice about the data breach settlement, you are entitled to three years of free credit monitoring and identity protection services as part of the $4.5 million class action resolution. This credit monitoring benefit, estimated at roughly $90 per year or $270 in total value, is available to all 503,071 affected individuals and can be claimed in addition to either of the two cash payment options, not instead of them. So unlike many data breach settlements where you have to choose between monitoring and money, here you can get both.
Beyond the credit monitoring, this settlement offers two paths to cash compensation: up to $5,000 for people who can document actual losses from the breach, or an estimated $100 flat payment for those who simply want to file a claim without digging up receipts. The claims deadline is April 6, 2026, and the final fairness hearing is scheduled for July 14, 2026.
Table of Contents
- Who Qualifies for Credit Monitoring in the Capital Health Data Breach Settlement?
- How Long Does the Free Credit Monitoring Last and What Does It Cover?
- Breaking Down the Two Cash Payment Options
- How to File Your Capital Health Data Breach Settlement Claim Before the Deadline
- Key Deadlines and What Happens After You File
- Why the LockBit Ransomware Attack Made This Settlement Necessary
- What to Watch for After the Settlement Is Finalized
- Frequently Asked Questions
Who Qualifies for Credit Monitoring in the Capital Health Data Breach Settlement?
Every member of the settlement class is eligible for the three-year credit monitoring benefit. The class includes patients, former patients, guarantors, and employees whose personal information was compromised when an unauthorized third party accessed capital Health’s network between November 11 and 26, 2023. The LockBit cybercrime group later claimed responsibility for the attack on January 7, 2024, stating it had stolen over 10 million files. If you received a mailed notice with a Unique ID and PIN, you are a confirmed class member. The data exposed in this breach was extensive. It included names, addresses, dates of birth, Social Security numbers, email addresses, telephone numbers, clinical information, and other personal data.
Because Social Security numbers and clinical records were among the compromised data, the credit monitoring component is particularly relevant here. Someone who had their Social Security number exposed faces a meaningfully different risk profile than someone whose email address was leaked in a retailer breach. Identity thieves can use Social Security numbers to open credit lines, file fraudulent tax returns, and commit medical identity fraud, which is why three years of monitoring matters rather than the one-year token offering that many companies provide after a breach. For comparison, several recent healthcare data breach settlements have offered only 12 to 24 months of credit monitoring. The three-year term here reflects the severity of the data exposed and the volume of records stolen. It also acknowledges that identity theft from healthcare breaches often surfaces later than theft from financial breaches, since medical records can be used in slower-burn fraud schemes.
How Long Does the Free Credit Monitoring Last and What Does It Cover?
The credit monitoring runs for three full years from the date of enrollment, not from the date of the breach or the date the settlement receives final approval. This is an important distinction. If court approval comes in mid-2026 and you enroll shortly after, your coverage would extend into 2029. The service is estimated at $90 per year in value and includes identity protection features beyond simple credit report alerts. However, if you already purchased your own credit monitoring service after learning about the breach, that expense may qualify as a documented out-of-pocket loss under Option A of the cash payment. You could potentially claim reimbursement for what you already spent and still enroll in the settlement-provided monitoring going forward.
Just be aware that any reimbursement claim requires documentation, such as receipts or billing statements showing what you paid and when. One limitation worth noting: the settlement materials do not specify which credit monitoring provider will administer the service. The quality of credit monitoring varies significantly between providers. Some offer single-bureau monitoring while others cover all three bureaus. Some include dark web scanning and Social Security number alerts while others do not. Until the settlement administrator announces the specific provider after final approval, class members will not know exactly what tier of service they are getting.
Breaking Down the Two Cash Payment Options
The settlement offers two distinct cash payment tracks, and understanding the difference is critical to maximizing your payout. Option A allows class members to claim up to $5,000 for documented, unreimbursed losses tied to the breach. These could include receipts for credit monitoring services you purchased on your own, costs associated with identity theft remediation, bank fees from fraudulent transactions, or time spent dealing with fraud at a documented hourly rate. For example, if you discovered fraudulent accounts opened using your stolen Social Security number and spent $600 on a credit repair service plus $150 in notarization fees for fraud affidavits, you could claim those amounts with supporting documentation. Option B is the simpler route. It provides a flat cash payment estimated at approximately $100 per class member with no documentation required beyond a valid claim form.
This amount could increase or decrease depending on how many people file valid claims. If fewer people file, each person gets more. If the claims volume is high, the per-person amount shrinks. This is standard for data breach settlements and is worth keeping in mind if you are deciding whether the $100 estimate is worth the effort of filing. Regardless of which cash option you choose, you can also claim the three years of credit monitoring. The two benefits are independent. Many settlements force you to pick one or the other, but the Capital Health settlement structures them as separate entitlements.
How to File Your Capital Health Data Breach Settlement Claim Before the Deadline
Claims must be submitted by April 6, 2026, either online through the official settlement website at CapitalHealthDataBreachSettlement.com or by mail, postmarked no later than that date. To file, you will need the Unique ID and PIN printed on the notice that was mailed to you. If you lost your notice or never received one but believe you are a class member, you can call the toll-free settlement line at 1-888-873-4996 to request your credentials. The tradeoff between filing online and by mail is straightforward.
Online filing gives you an immediate confirmation and a digital record of your submission. Filing by mail means you are relying on postal delivery and should use certified mail or at least keep proof of the postmark date. Given that the deadline is a hard cutoff, online filing is the safer bet for anyone submitting close to April 6. If you are pursuing Option A with documented losses, you will also need to upload or mail copies of your supporting documentation, so gather receipts, statements, and any fraud reports before you start the claim process.
Key Deadlines and What Happens After You File
The settlement timeline has several critical dates that class members need to track. The objection and opt-out deadline is March 9, 2026. If you want to object to the settlement terms or exclude yourself to preserve your right to sue Capital Health independently, you must act before that date. Once that window closes, you are bound by the settlement if it receives final approval. The final fairness hearing is scheduled for July 14, 2026. No payments will be issued until after the court grants final approval at or following that hearing.
If objections are filed or if the court requires modifications, the timeline could extend further. This means you should not expect money in hand until late 2026 at the earliest, and potentially later if there are appeals. This delay is standard for class action settlements, but it is worth knowing so you do not plan around receiving funds by a specific date. One warning: if you opt out of the settlement, you lose access to both the cash payment and the credit monitoring benefit. You would retain the right to file your own lawsuit, but individual litigation against a health system is expensive and uncertain. For most class members, staying in the settlement and filing a claim is the practical choice unless you suffered losses well beyond $5,000 and have strong documentation to support an independent case.
Why the LockBit Ransomware Attack Made This Settlement Necessary
The Capital Health breach was not a case of an employee losing a laptop or a misconfigured database. The LockBit cybercrime group, one of the most prolific ransomware operations in the world, infiltrated Capital Health’s network and spent over two weeks inside the system from November 11 through November 26, 2023. The attackers encrypted files and later claimed to have exfiltrated more than 10 million files.
Capital Health reported the breach to the HHS Office for Civil Rights as affecting 503,071 individuals. The scale of the attack and the nature of the threat actor are part of why the $4.5 million settlement fund exists. Class members alleged that Capital Health failed to implement adequate cybersecurity measures to protect sensitive patient and employee data. Whether or not you follow the technical details of ransomware, the practical takeaway is that your personal information was accessed by a sophisticated criminal organization with a track record of monetizing stolen data, which is exactly why enrolling in the credit monitoring and filing a claim are worth your time.
What to Watch for After the Settlement Is Finalized
Once the court grants final approval, the settlement administrator will begin processing claims and distributing payments. Class members who elected credit monitoring will receive enrollment instructions. Keep your contact information current with the settlement administrator to avoid missing these communications.
If you move before payments are issued, update your address through the settlement website or the toll-free number. Looking ahead, the Capital Health settlement is part of a broader wave of healthcare data breach litigation driven by ransomware attacks. Courts and regulators are increasingly scrutinizing whether healthcare organizations maintained adequate security controls, and settlement values have been trending upward. For the 503,071 people affected by this particular breach, the immediate priority is filing before the April 6, 2026, deadline and enrolling in the credit monitoring that will run through 2029.
Frequently Asked Questions
Can I get both credit monitoring and a cash payment from the Capital Health settlement?
Yes. The three years of credit monitoring is available in addition to either cash payment option, not as an alternative. You can file for Option A or Option B and also enroll in credit monitoring.
How much money will I get from the Capital Health data breach settlement?
If you choose Option B with no documentation, the estimated payment is approximately $100, though this amount may change based on the number of valid claims filed. If you choose Option A and can document unreimbursed losses, you can claim up to $5,000.
What is the deadline to file a claim for the Capital Health settlement?
The claims submission deadline is April 6, 2026. Claims can be filed online at CapitalHealthDataBreachSettlement.com or mailed with a postmark by that date.
When will I receive my payment from the Capital Health settlement?
Payments will not be issued until after the court grants final approval at or following the fairness hearing on July 14, 2026. Expect payments in late 2026 at the earliest.
I lost my settlement notice. How do I get my Unique ID and PIN?
Call the toll-free settlement line at 1-888-873-4996 to request your claim credentials.
Should I opt out of the Capital Health data breach settlement?
For most class members, staying in the settlement is the practical choice. Opting out preserves your right to sue independently but means you lose access to both the cash payment and credit monitoring. Independent litigation is costly and uncertain unless your losses significantly exceed the $5,000 cap.