If you received a breach notification letter from General Physician, P.C. last fall, you may be entitled to compensation from a $2.5 million class action settlement. The Buffalo, NY-based medical group confirmed that an unauthorized party accessed a company email account between April 6, 2024 and June 12, 2024, potentially exposing patient names, Social Security numbers, medical records, financial information, and more. Eligible class members can file a claim by May 27, 2026 to receive up to $5,000 in reimbursement for documented losses, an estimated $60 alternative cash payment, and two years of credit and medical records monitoring. The case, Newhart v.
General Physician, P.C., reached a proposed settlement that now awaits final court approval scheduled for June 4, 2026. General Physician first detected suspicious activity on June 12, 2024, but it took until August 6, 2024 for investigators to confirm that sensitive personal information may have been compromised. Notification letters did not go out until October 15, 2024 — more than four months after the breach was discovered. That timeline matters because identity thieves often move fast, and affected patients had no way of knowing their data was at risk during that gap.
Table of Contents
- Who Qualifies for the General Physician Data Breach Settlement and How Do You File a Claim?
- What Compensation Is Available and What Are the Limitations?
- What Information Was Exposed in the General Physician Breach?
- How to Maximize Your Claim Before the May 2026 Deadline
- Important Deadlines and What Happens If You Miss Them
- Why the Four-Month Notification Delay Matters
- Protecting Yourself Beyond the Settlement
- Frequently Asked Questions
Who Qualifies for the General Physician Data Breach Settlement and How Do You File a Claim?
The settlement class includes all U.S. residents whose private information was potentially accessed or acquired by an unauthorized party as a result of the data incident that General Physician reported in October 2024. If you received a notification letter in the mail, you are almost certainly a class member. However, even if you never received a letter — perhaps because you moved or the letter was lost — you may still qualify if you were a patient of General Physician, P.C. during the relevant period and your information was stored in the compromised email account.
To file a claim, visit www.GeneralPhysicianDataIncidentSettlement.com and complete the online form. You can also file by mail, sending your completed claim form to Kroll Settlement Administration LLC at P.O. Box 225391, New York, NY 10150-5391. Mailed claims must be postmarked by May 27, 2026. If you have questions or need help locating your unique class member ID from the notification letter, call the toll-freetoll-free[contact via the official settlement website]. Keep in mind that filing online is generally faster and provides confirmation that your claim was received, while mailed forms carry the risk of postal delays.
What Compensation Is Available and What Are the Limitations?
Class members have two paths. The first option provides two years of credit and medical records monitoring plus reimbursement of up to $5,000 for documented out-of-pocket expenses tied to the breach. Those expenses can include costs for credit monitoring you already purchased, fees for credit freezes or unfreezes, bank fees from fraudulent transactions, and time spent dealing with identity theft at a reasonable hourly rate. The second option is an alternative cash payment estimated at roughly $60, which does not require documentation of losses.
Both options include the credit and medical records monitoring. However, if you choose the reimbursement route, be prepared to provide receipts, bank statements, or other records that connect your expenses directly to the General Physician breach. Vague claims without documentation will likely be reduced or denied. The $5,000 cap is also per person, not per incident, so if you had multiple fraudulent charges you would need to tally everything under that single limit. And the $60 alternative payment is only an estimate — the actual amount could be lower if a large number of class members file claims, since the total settlement fund is fixed at $2.5 million and attorneys’ fees of up to $833,333.33 plus costs will come off the top, along with $3,000 service awards to each class representative.
What Information Was Exposed in the General Physician Breach?
The compromised data is particularly sensitive because General Physician is a healthcare provider. According to the breach notification, exposed information includes names, addresses, Social Security numbers, dates of birth, financial information, medical information, and health insurance information. That combination is what security professionals call a “fullz” package — essentially everything a criminal needs to open fraudulent accounts, file fake tax returns, or even obtain medical care under someone else’s identity. Medical identity theft is especially dangerous because it can corrupt your health records.
If someone uses your insurance to receive treatment, their medical history — including allergies, blood type, and diagnoses — can become mixed with yours. That contamination can lead to misdiagnosis or dangerous treatment decisions down the road. Unlike a stolen credit card number, which you can cancel and replace in a day, untangling medical identity theft can take months or years. This is why the settlement includes medical records monitoring alongside traditional credit monitoring, and it is worth enrolling in both even if you have not yet seen signs of fraud.
How to Maximize Your Claim Before the May 2026 Deadline
If you have already incurred costs related to the breach, gather your documentation now rather than waiting until close to the May 27, 2026 deadline. Pull bank and credit card statements showing any fraudulent charges, receipts for credit monitoring services you subscribed to after October 2024, and records of time you spent on the phone with banks or credit bureaus. The more organized your submission, the stronger your claim. The tradeoff between the two compensation options is straightforward but worth thinking through. If you have documented losses exceeding $60, the reimbursement path is clearly better.
But if you have no out-of-pocket losses and simply want to be compensated for the inconvenience and risk, the alternative cash payment saves you the hassle of gathering documentation. One thing to note: you do not have to choose between monitoring and cash. The credit and medical records monitoring is included with both options. The real choice is between documented reimbursement up to $5,000 and the flat alternative payment. File online at www.GeneralPhysicianDataIncidentSettlement.com for the quickest confirmation.
Important Deadlines and What Happens If You Miss Them
Three dates matter. The claim deadline is May 27, 2026. The opt-out and objection deadline is April 27, 2026. The final approval hearing is set for June 4, 2026 at 9:30 a.m. ET.
Missing the claim deadline means you receive nothing from the settlement fund, though you would still be bound by the settlement’s release of claims unless you opted out by April 27. If you believe the settlement is inadequate and want to preserve your right to sue General Physician independently, you must submit a written opt-out request postmarked by April 27, 2026. Be warned, though: individual lawsuits over data breaches are expensive and difficult to win, particularly if you cannot demonstrate concrete financial harm. Most class members will be better served by filing a claim. If you want to object to the settlement terms — for example, if you believe the attorneys’ fees are too high or the alternative cash payment is too low — you can file a written objection by the same April 27 deadline and appear at the final approval hearing to make your case.
Why the Four-Month Notification Delay Matters
General Physician detected suspicious email activity on June 12, 2024, but did not begin notifying affected individuals until October 15, 2024. During those four months, anyone whose data was stolen had no idea they were at elevated risk. For context, many states require breach notification within 30 to 60 days of discovery, and some cybersecurity experts argue that even that window is too long.
New York’s breach notification statute requires disclosure “in the most expedient time possible,” which leaves room for interpretation but arguably should not stretch to four months. That delay is part of what motivated the class action. Plaintiffs argued that earlier notification would have allowed patients to freeze their credit, change passwords, and monitor their accounts before criminals had a chance to exploit the stolen data. If you were a General Physician patient and experienced identity theft or fraud between June and October 2024, that timeline could strengthen your individual reimbursement claim.
Protecting Yourself Beyond the Settlement
The two years of credit and medical records monitoring included in this settlement are a useful starting point, but they are not a permanent solution. Once that monitoring period expires, you will need to decide whether to continue paying for monitoring on your own or take other protective steps. Placing a free credit freeze with all three major bureaus — Equifax, Experian, and TransUnion — is one of the most effective long-term measures, and it costs nothing.
You can lift the freeze temporarily whenever you need to apply for credit. Given the nature of the data exposed, including Social Security numbers and medical information, the risk does not disappear after two years. Stolen Social Security numbers have an indefinite shelf life on dark web marketplaces. Staying vigilant about reviewing your credit reports, explanation of benefits statements from your health insurer, and IRS tax transcripts will be important well beyond the monitoring window this settlement provides.
Frequently Asked Questions
How do I know if I am part of the General Physician data breach settlement class?
If you are a U.S. resident whose private information was potentially accessed as a result of the data incident General Physician reported in October 2024, you are likely a class member. Most class members received a notification letter by mail. If you were a patient but did not receive a letter, contact the settlement administratorsettlement administrator[contact via the official settlement website].
Can I receive both the cash payment and the credit monitoring?
Yes. All class members who file a valid claim receive two years of credit and medical records monitoring. The choice is between receiving up to $5,000 in documented out-of-pocket reimbursement or the estimated $60 alternative cash payment — not between monitoring and cash.
What counts as a documented out-of-pocket expense?
Expenses directly resulting from the breach, such as costs for credit monitoring services purchased after the breach, bank fees from fraudulent transactions, notary or mailing fees for fraud disputes, and time spent addressing identity theft. You will need receipts, statements, or other records to support your claim.
What happens if more people file claims than the fund can cover?
The total settlement fund is $2.5 million. After attorneys’ fees (up to $833,333.33) and class representative service awards ($3,000 each) are deducted, the remaining funds are distributed among claimants. If claims exceed the available funds, payments — particularly alternative cash payments — may be reduced proportionally.
What is the deadline to opt out of the settlement?
The opt-out deadline is April 27, 2026. If you opt out, you will not receive any settlement benefits, but you preserve the right to pursue your own legal action against General Physician, P.C. independently.
When will I receive my payment?
Payments will not be distributed until after the final approval hearing on June 4, 2026, and only if the court grants final approval. After approval, the settlement administrator typically distributes payments within a few months, though appeals or objections could cause delays.
You Might Also Like
- How To File A Claim In The Capital Health Data Breach Settlement
- How To File A Claim In The 23andMe Customer Data Security Breach Settlement
- Everything To Know About The Capital Health Data Breach Settlement Before You Submit A Claim