To file a claim in the Capital Health data breach settlement, go to CapitalHealthDataBreachSettlement.com/Login, enter the Unique ID and PIN from the notice mailed to you, and submit your claim form before the April 6, 2026 deadline. The $4.5 million settlement covers 503,071 individuals whose personal and medical data was compromised when the LockBit ransomware group breached Capital Health’s network in November 2023.
For example, if you were a patient at Capital Health Regional Medical Center or Capital Health Medical Center–Hopewell and received a notification letter in the mail, you can file online in roughly ten minutes using the credentials printed on that letter. You do not need to prove you suffered identity theft — there is a flat cash payment option available to every eligible class member with no documentation required. This article walks through the full claims process step by step, explains the difference between the two compensation options, covers what to do if you never received a notice, and flags the key deadlines you cannot afford to miss.
Table of Contents
- What Do You Need To File A Claim In The Capital Health Data Breach Settlement?
- Understanding The Two Cash Payment Options And How They Compare
- What Data Was Stolen And Why It Matters For Your Claim
- How To Maximize Your Settlement Payout
- Deadlines That Could Cost You Money If You Miss Them
- What To Do If You Suspect Ongoing Identity Theft From This Breach
- What The Capital Health Settlement Means Going Forward
- Frequently Asked Questions
What Do You Need To File A Claim In The Capital Health Data Breach Settlement?
The most important thing you need is your Unique ID and PIN number. These are printed on the settlement notice that was mailed to affected individuals. With those two pieces of information, you can log into the official settlement portal at capitalHealthDataBreachSettlement.com/Login and file your claim electronically. The system will verify your eligibility and walk you through the submission. Beyond your login credentials, what you need depends on which compensation option you choose.
If you go with the flat alternative cash payment (estimated at around $100), you do not need any supporting documents at all — just your identity confirmation and a valid payment method. However, if you want to claim up to $5,000 for documented losses, you will need receipts, bank or credit card statements, or third-party records showing expenses tied to the breach. Self-prepared documents on their own will not be accepted, so start gathering records now rather than scrambling at the deadline. If you did not receive a notice in the mail but believe you were a Capital Health patient or employee during the relevant period, you are not automatically out of luck. The settlement website’s documents page has a downloadable paper claim form you can fill out and mail to the settlement administrator. Keep in mind that paper claims must be postmarked by April 6, 2026.
Understanding The Two Cash Payment Options And How They Compare
The settlement offers two mutually exclusive monetary options, and choosing the right one matters. Cash Payment A covers documented, unreimbursed losses up to $5,000 per person. This includes costs like identity theft recovery, fraudulent charges you had to dispute, credit monitoring services you purchased on your own, fees for freezing and unfreezing your credit, and even mileage and postage related to dealing with the fallout. If you spent real money cleaning up after this breach, this is the option that could make you closer to whole. Cash Payment B is the no-documentation alternative — an estimated flat payment of roughly $100. The exact amount could shift depending on how many people file claims, since the $4.5 million fund is finite.
If 100,000 people choose this option, the math gets tight. If fewer file, the per-person amount could edge higher. This option exists for people who were affected but cannot easily prove specific financial losses, which frankly describes most data breach victims. However, here is the critical tradeoff: if you spent even $150 on a credit monitoring subscription after learning about the breach, Payment A already nets you more than Payment B. The threshold is low. Before defaulting to the easy option, take fifteen minutes to check your bank statements for any breach-related spending. You might be surprised what qualifies — that $30 you spent on certified mail to dispute a fraudulent account counts.
What Data Was Stolen And Why It Matters For Your Claim
Between November 11 and November 26, 2023, the LockBit ransomware group maintained unauthorized access to Capital Health Systems’ network. During that window, the attackers claimed to have exfiltrated seven terabytes of data — over 10 million files. The stolen information included names, addresses, phone numbers, email addresses, dates of birth, social Security numbers, and clinical and medical information. That combination is essentially a complete identity theft kit. The scope of the exposed data is relevant to your claim because it determines what kinds of losses you might have experienced.
Someone whose Social Security number was compromised faces a fundamentally different risk profile than someone whose email address was leaked. For instance, if your SSN was part of the breach and you later discovered a fraudulent credit account opened in your name, that is a direct, documentable harm with real costs — credit repair services, time spent filing police reports, certified mailings to credit bureaus. All of those expenses are claimable under Payment A. Capital Health operates hospitals and healthcare facilities in New Jersey, so the affected population is heavily concentrated in that state. But if you received care at a Capital Health facility while visiting or living in the area temporarily, you may still be part of the class. The 503,071 affected individuals include patients, former patients, guarantors, and employees — the net is wide.
How To Maximize Your Settlement Payout
If you want to pursue Payment A and claim up to $5,000 in documented losses, preparation is everything. Start by pulling your credit reports from all three bureaus and flagging any unfamiliar accounts or inquiries that appeared after November 2023. Then review your bank and credit card statements for any charges related to identity protection — credit monitoring subscriptions, identity theft insurance, notary fees, or even gas mileage to visit a bank branch to resolve a fraudulent transaction. The settlement specifically accepts receipts, account statements, and third-party records as valid documentation. A printout from your credit monitoring service showing your subscription cost qualifies.
A bank statement showing a charge for a credit freeze qualifies. What does not qualify is a handwritten list of expenses with no backup. The administrators are explicit that self-prepared documents alone are insufficient, so do not rely on a personal spreadsheet as your only evidence. Regardless of which cash option you pick, every class member can also enroll in three years of one-bureau credit monitoring valued at approximately $90 per year. This includes dark web scanning, public records monitoring, and identity theft insurance. There is no reason to skip this — it stacks on top of either Payment A or Payment B at no cost to you.
Deadlines That Could Cost You Money If You Miss Them
The claim filing deadline is April 6, 2026. That is a hard cutoff — your online submission must be completed or your paper form must be postmarked by that date. There is no grace period mentioned in the settlement terms, and courts rarely grant extensions for individual procrastination. Put it on your calendar now. There is an earlier deadline that matters if you are considering opting out or objecting to the settlement: March 9, 2026. If you believe your damages exceed what the settlement offers and want to preserve your right to sue Capital Health independently, you must formally exclude yourself before that date.
Once March 9 passes, you are bound by the settlement terms whether you file a claim or not. Objections to the settlement terms must also be submitted by March 9. The final approval hearing is scheduled for July 14, 2026, and payouts will not begin until after the court grants final approval and any appeals are resolved — meaning checks could arrive months after the hearing. One warning that catches people off guard: filing a claim does not guarantee immediate payment. Even after final approval, if someone appeals the settlement, distribution gets delayed further. Data breach settlements typically take six to twelve months after final approval to distribute funds, so plan accordingly and do not count on this money for near-term expenses.
What To Do If You Suspect Ongoing Identity Theft From This Breach
If you have already noticed suspicious activity on your accounts — unfamiliar credit inquiries, medical bills for services you never received, or collection notices for debts you did not incur — take action beyond just filing a settlement claim. Place a fraud alert or credit freeze with all three credit bureaus (Equifax, Experian, TransUnion), file an identity theft report at IdentityTheft.gov, and report the fraudulent activity to your local police department. These steps create the paper trail that strengthens a Payment A claim and helps you recover faster.
Medical identity theft is a particular risk given that clinical information was part of this breach. If someone uses your stolen health data to obtain medical care, their medical records can get mixed with yours — potentially leading to dangerous treatment errors down the line. Review your insurance explanation of benefits statements carefully for any services you did not receive, and dispute any that look unfamiliar.
What The Capital Health Settlement Means Going Forward
The $4.5 million settlement, while meaningful for individual claimants, also signals a broader trend. Healthcare organizations are facing increasing legal and financial consequences for failing to prevent ransomware attacks.
The LockBit group has been one of the most prolific ransomware operators globally, and healthcare systems remain among their favorite targets because of the sensitivity and volume of data they hold. For the 503,071 people affected by this particular breach, the immediate priority is straightforward: file your claim before April 6, 2026, choose the compensation option that fits your situation, and enroll in the free credit monitoring. The settlement will not undo the breach, but it provides tangible compensation and monitoring tools to reduce your ongoing risk.
Frequently Asked Questions
How do I file a claim if I lost my settlement notice?
Visit CapitalHealthDataBreachSettlement.com and navigate to the documents page, where you can download a paper claim form. Fill it out and mail it to the settlement administrator. It must be postmarked by April 6, 2026.
Can I get both the cash payment and the credit monitoring?
Yes. The credit monitoring benefit is available to all class members regardless of whether they choose Payment A (documented losses) or Payment B (flat cash payment). You must choose one cash option but can add credit monitoring on top of either.
How much will I actually receive from the settlement?
If you choose Payment B, the estimated amount is approximately $100, though the final number depends on how many people file. If you choose Payment A and have documented losses, you can claim up to $5,000 with proper receipts and records.
When will I get paid?
Payouts will not begin until after the final approval hearing on July 14, 2026, and only after any appeals are resolved. Realistically, expect payments several months after that date.
What if I was a Capital Health employee, not a patient?
Employees are included in the settlement class along with patients, former patients, and guarantors. The same claim process and compensation options apply.
Can I opt out and sue Capital Health on my own instead?
Yes, but you must submit your exclusion request by March 9, 2026. If you miss that deadline, you are bound by the settlement and give up your right to pursue an independent lawsuit over this breach.