The Practice Resources data breach class action settlement provides $1.5 million in compensation to over 942,000 individuals whose personal health information was compromised through a healthcare management company. Approved on June 11, 2025, by U.S. District Judge Lawrence E.
Kahn in the Northern District of New York, this settlement resolves claims against Practice Resources LLC, a New York-based management service organization that manages medical practices and patient data. If you received notification of this breach after it was discovered on April 12, 2022, you may be eligible to claim compensation either through direct reimbursement for documented losses, complimentary credit monitoring services, or a cash payment from the settlement fund. The breach exposed sensitive patient information including names, addresses, Social Security numbers, and medical record details—the kind of comprehensive personal and health data that puts victims at serious risk for identity theft and medical fraud. The settlement represents a meaningful recovery for affected individuals, though the per-person payout depends on the number of valid claims submitted and the documentation of losses each claimant provides.
Table of Contents
- What Personal Information Did Practice Resources Expose?
- How Much Is the Settlement Fund and How Is It Divided?
- Who Qualifies for the Practice Resources Settlement?
- How Do You File a Claim and What Documentation Do You Need?
- What Credit Monitoring and Identity Protection Services Are Included?
- What Was the Timeline for This Settlement and When Was It Approved?
- What Does This Settlement Reveal About Healthcare Data Security?
- Conclusion
What Personal Information Did Practice Resources Expose?
Practice Resources LLC is a management service organization that handles administrative and operational functions for medical practices across the country. When the breach was discovered in April 2022, it exposed the personal health information of 942,000 individuals who had sought care at practices using Practice Resources’ systems. The compromised data included names, dates of birth, Social Security numbers, insurance information, medical diagnoses, medication histories, and in some cases financial information.
This type of data exposure carries particular danger because it combines identity theft vulnerabilities with medical fraud risks. Someone with access to your Social Security number and insurance information could potentially open fraudulent medical accounts in your name or file fake insurance claims, leaving you to discover the fraud only when bills arrive or when you apply for credit. The exposure of actual medical information—diagnoses and prescriptions—also creates privacy violations that extend beyond financial harm.
How Much Is the Settlement Fund and How Is It Divided?
The total settlement amount of $1.5 million is divided among several components before class members receive their payouts. The most significant allocation goes to plaintiff attorneys’ fees at $500,000, which represents one-third of the settlement fund—a standard arrangement in class action litigation where attorneys work on contingency and only receive compensation if the settlement is successful. Court-approved litigation costs and expenses total $19,253.46.
Additionally, each of the named plaintiffs who served as representatives in the lawsuit receives $2,500 as a service award for their role in bringing the case. After these deductions, the remaining funds are available for distribution to class members. The settlement structure allows class members to claim up to $5,000 in reimbursement for documented losses they incurred as a result of the breach, such as fraudulent charges, credit monitoring services they purchased themselves, or time spent resolving identity theft issues. The total payout per person depends on how many valid claims are submitted and whether claimants can document their actual losses with receipts and evidence.
Who Qualifies for the Practice Resources Settlement?
Any individual whose personal information was exposed in the Practice Resources breach is potentially part of the settlement class, which encompasses the 942,000 individuals notified of the breach. This includes patients of medical practices that contracted with Practice Resources for management services, even if you only visited the practice once. You do not need to prove that you suffered actual harm or fraud as a result of the breach to be eligible for some forms of relief under the settlement—the mere fact that your data was compromised qualifies you.
However, the amount of compensation you can receive depends on which benefit you pursue. If you opt for credit monitoring and identity theft protection services rather than filing a claim for reimbursement, there is no documentation requirement. If you pursue monetary reimbursement, you will need to provide documentation of actual losses, whether that is fraudulent charges on your accounts, payments you made for credit monitoring services, or documented time and expenses spent addressing identity theft. The $5,000 per-person maximum applies to those claiming documented losses; if fraud total exceeds that amount, you would be capped at the maximum.
How Do You File a Claim and What Documentation Do You Need?
To participate in the settlement, you must submit a claim during the claims period, which has a specific deadline that class members must meet to be eligible for payment. For those claiming reimbursement of documented losses, the process requires submitting receipts, credit card statements showing fraudulent charges, invoices from credit monitoring services you purchased, or other contemporaneous evidence of the out-of-pocket expenses you incurred. Vague claims without supporting documentation will not be approved; the claims administrator needs to verify that the expenses are legitimate and directly tied to the breach.
If your claimed losses exceed the $5,000 per-person limit—which can happen in cases of extensive identity theft or multiple fraudulent accounts opened in someone’s name—you are still capped at the maximum. The settlement provides an alternative that requires no documentation: accepting up to three years of complimentary credit monitoring and identity theft protection services instead of filing for cash reimbursement. This option makes sense for individuals who did not experience fraud but want proactive protection, or for those whose losses were relatively minor and documentation is difficult to gather.
What Credit Monitoring and Identity Protection Services Are Included?
The settlement provides eligible class members with up to three years of complimentary credit monitoring and identity theft protection services as an alternative to filing a reimbursement claim. This covers continuous monitoring of your credit files to detect suspicious activity, alerts when new accounts are opened in your name, dark web monitoring to identify if your information is being sold or used by criminals, and in some cases identity theft insurance or resolution services if fraud occurs. An important limitation to understand: credit monitoring services are reactive tools that alert you to problems but do not prevent fraud from occurring.
If someone opens an account in your name before the monitoring system detects it, you still have to go through the process of disputing charges and closing fraudulent accounts. Additionally, the three-year period is finite; after that coverage ends, you would need to arrange your own monitoring going forward. Many identity theft protection services also have exclusions and limitations in their coverage, so you should review the specific terms of the complimentary service offered to understand exactly what is and is not covered.
What Was the Timeline for This Settlement and When Was It Approved?
The Practice Resources data breach was discovered in April 2022, meaning the breach notification process began more than three years before the settlement received final court approval on June 11, 2025. This lengthy timeline is typical for data breach class action litigation, where the investigation of the breach, identification of affected individuals, negotiation of settlement terms, and court procedures can take several years from discovery to final approval. Judge Lawrence E.
Kahn’s approval of the settlement in June 2025 confirmed that the terms were fair, reasonable, and adequate to the class members, and that the settlement process followed proper legal procedures. Once final approval is granted, the claims administrator typically allows a specific claims period—often 60 to 90 days—for class members to submit their claims. After the claims period closes, the administrator processes and validates claims, and distributions begin.
What Does This Settlement Reveal About Healthcare Data Security?
The Practice Resources breach and settlement underscore ongoing vulnerabilities in how healthcare companies manage patient data. As a management service organization handling operations for multiple medical practices, Practice Resources was a central repository for thousands of patients’ most sensitive information. A breach at this organizational level affects far more people than a breach at a single practice would, demonstrating how consolidated healthcare management creates concentrated risk.
The $1.5 million settlement, while substantial, reflects the negotiated compromise between what plaintiffs’ attorneys believed they could potentially win through litigation and what Practice Resources was willing to settle for. Data breach settlements are typically a fraction of the actual harm caused—not just financial losses from fraud, but the emotional distress, privacy violation, and ongoing vigilance required of 942,000 individuals. This settlement, like most class action data breach recoveries, provides meaningful but limited compensation for what remains an intrusive violation of privacy and security.
Conclusion
If you received notification that your information was involved in the Practice Resources data breach, you have legitimate compensation options. The settlement provides three pathways: filing a claim for documented losses up to $5,000, accepting complimentary credit monitoring for three years, or in some cases receiving a cash distribution from the unclaimed funds pool.
Each option has different requirements and benefits, and choosing the right one depends on whether you experienced actual fraud, how thorough your documentation is, and whether you prefer proactive monitoring services. To protect your interests, verify your eligibility using the settlement claim information provided in your breach notification letter, gather any documentation of losses if you choose to file for reimbursement, and submit your claim before the deadline. The settlement provides real compensation, but only for those who actively claim their share during the claims period.