Gryphon Healthcare $2.8M Data Breach Class Action Settlement

Individuals who received a notification that the July 2024 Gryphon Healthcare data breach may have compromised their personal information could be eligible to claim up to $5,000 and/or credit monitoring from a class action settlement.

Gryphon Healthcare LLC agreed to pay $2.8 million to resolve a class action lawsuit alleging a cyberattack exposed sensitive personal and medical data. The lawsuit alleged Gryphon failed to adequately protect private information, including names, Social Security numbers and medical details.

Who can file a claim?

The class includes:

• All residents of the United States whose personal information the July 2024 Gryphon Healthcare data incident potentially exposed
• Anyone who received a breach notification letter from Gryphon Healthcare

The types of information potentially exposed include:

• Names
• Dates of birth
• Addresses
• Social Security numbers
• Dates of service
• Diagnosis information
• Health insurance information
• Medical treatment information
• Prescription information
• Provider information
• Medical record numbers

How much can class members get?

The settlement offers three main types of benefits to eligible class members:

• Reimbursement for out-of-pocket losses (up to $5,000): Covers documented expenses, such as losses from identity theft or fraud, fees for credit reports or credit monitoring, costs to replace IDs and postage for contacting banks. Class members must provide supporting documentation (e.g., bank statements, receipts) and cannot claim expenses a third party already reimbursed.
• Cash payment (estimated at $100): Available to class members who do not claim out-of-pocket losses or do not wish to submit documentation. No proof required. The final amount may be higher or lower depending on the total number of claims.
• Two years of identity theft protection and medical data monitoring: Enrollment in CyEx Medical Shield Complete, which provides $1 million in medical identity theft insurance; monitoring for health care insurance ID and medical record exposure, as well as unauthorized Health Savings Account spending; and access to fraud resolution agents if suspicious activity is detected.

How to claim a settlement payout

Class members can file a claim online or download, print and complete a PDF claim form and mail or email it to the settlement administrator. The claim deadline is April 16, 2026.

Settlement administrator's contact information: Gryphon Data Incident Settlement, c/o Settlement Administrator, PO Box 25226, Santa Ana, CA 92799-9958, info@GryphonHealthcareDataSettlement.com

What proof or documentation is required to submit a claim?

• To submit an online claim form, class members must log in with their unique ID and PIN, which are located on the settlement notice they received. Those who are unable to locate their ID and PIN should contact the settlement administrator by emailing info@GryphonHealthcareDataSettlement.com and providing the class member's full name and mailing address.
• To claim reimbursement for out-of-pocket losses (up to $5,000), class members must provide documentation, such as bank statements, receipts or other proof showing the data incident caused the expenses. Self-prepared notes alone are not sufficient.
• To claim the estimated $100 cash payment or credit monitoring, class members do not need to provide documentation.

Payout options

• PayPal
• Venmo
• Zelle
• Virtual prepaid card
• Physical check

$2.8 million settlement fund breakdown

The $2,800,000 settlement fund covers:

• Settlement administration costs: To be determined
• Attorneys’ fees and costs: Up to $933,333.33
• Service awards to class representatives: $2,500 each ($22,500 total)
• Credit monitoring costs: Determined by number of valid claims
• Payments to eligible class members: The remainder of the fund

Important dates

• Opt-out deadline: March 17, 2026
• Claim deadline: April 16, 2026
• Final approval hearing: Aug. 31, 2026

When is the Gryphon Healthcare settlement payout date?

The settlement administrator will distribute payments and benefits approximately 30 days after the court resolves any appeals and grants final approval to the settlement.

Why is there a class action settlement?

The class action lawsuit alleged a targeted cyberattack in July 2024 compromised Gryphon Healthcare’s computer systems, exposing sensitive personal and medical information. The plaintiffs claimed the company failed to adequately protect this data.

Gryphon denies any wrongdoing, but both sides agreed to settle to avoid the costs, risks and uncertainties of further litigation.

Sources

1. Class notice
2. Claim form
3. Settlement agreement
4. Settlement FAQ