Healthcare Firm Handing Out $11,000,000 After Cyberattack Exposes Patients’ Sensitive Information

A US healthcare company is settling with the victims of a cybersecurity attack that exposed patients’ personal identifying information.

According to new court filings, Kentucky-based Norton Healthcare Inc. has reached a settlement regarding a cybersecurity incident that occurred in May 2023 and potentially leaked the information of patients and former patients.

Norton Healthcare has set aside $11 million in its settlement fund and will be reimbursing $2,500 to each person affected by the leak.

“On October 21, 2025, the Parties participated in a mediation…. Ultimately, the case settled at the mediation, with the Parties agreeing to resolve the case on a global, class wide basis for a common fund in the amount of $11,000,000.00…

The Settlement Fund shall pay all valid claims for Out-of-Pocket Losses up to the per-claimant-limit of two thousand and five hundred dollars ($2,500.00).”

According to the class action lawsuit filed against the healthcare company, Norton failed to maintain adequate security protocols and failed to notify victims in a timely manner.

“Norton failed to undertake adequate measures to safeguard the (personal health information) of Plaintiffs and the proposed Class Members, including failing to implement industry standards for data security, and failing to properly train employees on cybersecurity protocols, resulting in the Data Breach.

Although Norton discovered the data breach on or about May 9, 2023, defendants have failed, and continue to fail, to notify and warn affected persons, Norton’s current and former patients and employees, of the data breach.” Follow us on X, Facebook and Telegram
Don't Miss a Beat – Subscribe to get email alerts delivered directly to your inbox
Check Price Action
Surf The Daily Hodl Mix