The Capital Health data breach settlement offers three distinct benefit options to the roughly 503,071 people whose personal information was exposed during a November 2023 cyberattack. Class members can claim up to $5,000 for documented out-of-pocket losses, receive an estimated $100 flat payment with no documentation required, or opt for three years of free credit monitoring valued at approximately $270 total. The settlement fund totals $4.5 million, and the deadline to file a claim is April 6, 2026.
Understanding which benefit option makes the most sense for your situation depends on whether you experienced actual financial harm from the breach and whether you kept records of it. For example, if you paid out of pocket for a credit monitoring service after hearing about the Capital Health breach, you could claim reimbursement for that cost under the documented losses option and still receive the free credit monitoring benefit on top of it.
Table of Contents
- What Are the Three Capital Health Settlement Benefit Options and How Do They Compare?
- How the Documented Losses Option Works and When It Falls Short
- What Happened in the Capital Health Data Breach
- How to File Your Claim Before the April 2026 Deadline
- Pro Rata Adjustments and Why Your Payment Might Be Less Than Expected
- Opting Out or Objecting to the Settlement
- What This Settlement Means for Future Health Care Data Breach Cases
- Frequently Asked Questions
What Are the Three Capital Health Settlement Benefit Options and How Do They Compare?
The $4.5 million capital Health settlement breaks down into three benefit tiers. Cash Payment A covers documented, unreimbursed losses up to $5,000 per person. This includes costs like identity theft remediation, fraudulent charges, credit monitoring subscriptions you purchased yourself, fees for freezing and unfreezing your credit, mileage to deal with fraud-related errands, and even postage. The catch is that you need real documentation — receipts, bank statements, or third-party records. A handwritten note saying you spent $300 on credit monitoring will not cut it; self-prepared documents alone are explicitly not sufficient under the settlement terms. Cash Payment B is the no-hassle option.
If you were affected but did not suffer documented financial losses — or simply did not keep your receipts — you can claim an estimated flat payment of $100. No paperwork beyond the claim form itself is required. This is the path most class members will likely take, since many people affected by data breaches do not incur immediate, traceable expenses. The third option, three years of free credit monitoring, is available to all class members regardless of which cash payment they choose. That means you can file for the $100 flat payment and still get credit monitoring, or claim up to $5,000 in documented losses and add the monitoring on top. The monitoring is valued at roughly $90 per year, so it represents about $270 in total value. If you do not already have credit monitoring through another breach settlement or your bank, this is worth selecting.
How the Documented Losses Option Works and When It Falls Short
The $5,000 cap on documented losses sounds generous, but the realities of claiming it are stricter than most people expect. You need to connect each expense directly to the Capital Health breach, not just to identity theft in general. If your Social Security number was compromised in three different breaches in 2023 and you signed up for credit monitoring afterward, attributing that cost solely to Capital Health becomes complicated. The settlement requires receipts, account statements, or records from third parties like banks or credit bureaus. A credit card statement showing a charge to a monitoring service, for instance, would qualify. A personal spreadsheet of estimated time spent on the phone with your bank would not.
There is also a meaningful caveat buried in the settlement terms: actual payment amounts may be adjusted on a pro rata basis if total valid claims exceed the net settlement fund. In plain terms, if too many people file for large documented losses, everyone’s payout gets reduced proportionally. With a $4.5 million fund and over 500,000 potential claimants, even if only a fraction file claims, the math can thin out quickly. If you are deciding whether to spend hours gathering documentation for a $200 claim, keep in mind that the final check could be less than $200 depending on how many people file. However, if you experienced serious identity theft directly traceable to the Capital Health breach — say, someone opened a credit card in your name using data stolen in the attack — and you have bank statements, police reports, or credit bureau dispute records, pursuing the full $5,000 is absolutely worth your time. The documentation requirement exists to prevent inflated claims, not to discourage legitimate ones.
What Happened in the Capital Health Data Breach
The breach at Capital Health Systems occurred between November 11 and November 26, 2023, when attackers infiltrated the hospital system’s network and caused a two-week computer systems outage. The LockBit ransomware group later claimed responsibility for the attack, stating they had stolen over 10 million files totaling 7 terabytes of data. In an unusual twist, LockBit said they deliberately chose not to encrypt Capital Health’s systems, citing the group’s own affiliate rules against encrypting hospital networks. The data was stolen, but the hospital’s systems were not locked down the way typical ransomware attacks operate. The stolen data included names, addresses, Social Security numbers, dates of birth, email addresses, telephone numbers, and clinical information.
The breach affected patients, former patients, and Capital Health employees. The HHS Office for Civil Rights breach report lists 503,071 individuals as affected. That is a substantial number for a regional health system, and the breadth of compromised data — especially Social Security numbers combined with clinical information — makes this breach particularly concerning for identity theft risk. The class action litigation that followed led to the $4.5 million settlement, which received preliminary approval on November 10, 2025. Capital Health did not admit wrongdoing as part of the agreement, which is standard in class action settlements of this type.
How to File Your Claim Before the April 2026 Deadline
Filing a claim is straightforward but requires attention to a few details. You can submit your claim online at CapitalHealthDataBreachSettlement.com or by mail. If you file online, you will need the unique ID and PIN printed on the settlement notice that was mailed to you. If you did not receive a notice, that does not necessarily mean you are excluded — but it does mean Capital Health’s records may not identify you as an affected individual, which could complicate your claim. For mail submissions, send your completed claim form to: Capital Health Data Breach Litigation Settlement Administrator, PO Box 4008, Portland, OR 97208-4008. The claim must be postmarked by April 6, 2026.
Online claims must also be submitted by that date. If you are choosing Cash Payment A with documented losses, include copies of your supporting documentation with the claim — do not send originals. The tradeoff between filing online versus by mail mostly comes down to convenience and record-keeping. Online filing gives you immediate confirmation that your claim was received and logged. Mail filing creates a paper trail if you are submitting extensive documentation for a Cash Payment A claim, but you are relying on postal delivery and should consider sending it certified or with tracking. Either way, do not wait until the last week. Settlement administrators process thousands of claims, and technical issues or mail delays near the deadline can cause problems.
Pro Rata Adjustments and Why Your Payment Might Be Less Than Expected
One of the most overlooked aspects of class action settlements is the pro rata adjustment clause, and the Capital Health settlement includes one. If the total value of all valid claims exceeds the net settlement fund — meaning the $4.5 million minus attorney fees, administrative costs, and service awards — then every claimant’s payment gets scaled down proportionally. This is not unusual, but it means the $100 flat payment and the $5,000 cap are maximums, not guarantees. Consider a rough scenario: if attorney fees and costs consume $1.5 million of the fund, that leaves $3 million for class members. If 30,000 people file for the $100 flat payment alone, that is $3 million claimed just from that category, leaving nothing for documented loss claims without a reduction. In practice, claim rates for data breach settlements tend to be low — often in the single-digit percentages of eligible class members — so significant pro rata reductions are not certain.
But they are possible, and you should not plan your finances around receiving the full advertised amount. Payments will only be distributed after the court grants final approval and any appeals are resolved. The final approval hearing is scheduled for July 14, 2026. If no one objects or appeals, checks could go out in late 2026 or early 2027. If there are appeals, the timeline stretches further. This is the reality of class action settlements — they move slowly, and patience is required.
Opting Out or Objecting to the Settlement
If you believe your individual damages from the Capital Health breach exceed what this settlement offers, you have the right to opt out and pursue your own lawsuit. The deadline to opt out or file an objection is March 9, 2026. Opting out means you give up your right to any payment from this settlement but preserve your ability to sue Capital Health independently. For most class members, this does not make financial sense — individual data breach lawsuits are expensive and uncertain.
But if you suffered severe, well-documented identity theft with five-figure losses, consulting with an attorney about whether to opt out is reasonable. Objecting is different from opting out. You can object to the settlement terms — for example, arguing that the $100 flat payment is too low or that attorney fees are too high — while still remaining in the class and receiving benefits if the settlement is approved. Objections must be filed by March 9, 2026, and you may be asked to appear at the July 14 final approval hearing.
What This Settlement Means for Future Health Care Data Breach Cases
The Capital Health settlement adds to a growing pattern of multimillion-dollar payouts in health care data breach litigation. The involvement of the LockBit ransomware group — one of the most prolific ransomware operations globally — and the sheer volume of stolen data (7 terabytes across 10 million files) made this case particularly high-profile. The $4.5 million fund, while substantial, works out to less than $9 per affected person if every class member filed a claim, which underscores the ongoing tension between settlement fund sizes and the number of people impacted by large-scale breaches.
For anyone affected, the practical takeaway is to file your claim before April 6, 2026, and take advantage of the credit monitoring benefit regardless of which cash option you choose. The three-year monitoring window is especially relevant given that stolen health care data — which often includes Social Security numbers and clinical details — tends to be exploited over longer periods than stolen financial data alone. Keep an eye on the official settlement website at CapitalHealthDataBreachSettlement.com for updates on final approval and payment timelines.
Frequently Asked Questions
How much money will I actually receive from the Capital Health settlement?
If you file for the flat payment with no documentation, the estimated amount is $100, though this could be reduced on a pro rata basis if too many claims are filed. If you have documented losses, you can claim up to $5,000, but the actual payout depends on total claims against the $4.5 million fund.
Can I get both a cash payment and the free credit monitoring?
Yes. The three years of credit monitoring is available to all class members in addition to whichever cash payment option you choose. You do not have to pick one or the other.
What if I did not receive a settlement notice in the mail?
If you were a patient, former patient, or employee of Capital Health and believe your data was compromised in the November 2023 breach, you may still be eligible. Visit CapitalHealthDataBreachSettlement.com or contact the settlement administrator for guidance on filing without a notice.
What documentation do I need for the $5,000 claim?
You need receipts, bank or credit card statements, credit bureau records, or other third-party documentation showing out-of-pocket expenses directly related to the breach. Self-prepared documents like personal logs or spreadsheets are not accepted as standalone proof.
When will payments be sent out?
Payments will not be distributed until after the final approval hearing on July 14, 2026, and after any appeals are resolved. Realistically, checks could arrive in late 2026 or sometime in 2027 depending on whether objections or appeals delay the process.
What is the deadline to file a claim?
April 6, 2026. Claims must be submitted online or postmarked by that date. The deadline to opt out or object is earlier — March 9, 2026.
You Might Also Like
- SiriusXM Settlement Benefits Explained: Cash, Credits, And Monitoring Options
- Is The Capital Health Data Breach Settlement Legit, And How Do You Check Eligibility
- How To File A Claim In The Capital Health Data Breach Settlement