ProSmile Holdings Settles Class Action Data Breach Lawsuit
A class action lawsuit against ProSmile Holdings LLC over a 2022 data breach has been resolved, with all parties agreeing to a $440,000 settlement. The litigation was initiated in response to a cyberattack that involved unauthorized access to the protected health information of 39,674 individuals. An unauthorized third party gained access to its email environment, and the incident was detected on July 7, 2022; however, it took 7 months to announce the breach and 17 months for the affected individuals to be notified.
The compromised information included names, dates of birth, Social Security numbers, driver’s license or other state identification card numbers, financial account numbers, payment card numbers, medical treatment information, diagnosis or clinical information, provider information, prescription information, and health insurance information.
A lawsuit – Middleton v. ProSmile Holdings, LLC – was filed on January 30, 2024, in the United States District Court for the District of New Jersey by plaintiff Kristina Middleton, whose protected health information was exposed in the incident. The plaintiff alleged negligence for failing to implement appropriate cybersecurity measures, breach of implied contract, breach of implied covenant of good faith and fair dealing, and unjust enrichment.
ProSmile Holdings denies all allegations of wrongdoing and disclaims all liability with respect to all claims, but agreed to a settlement to bring the lawsuit to an end to avoid the costs of protracted litigation and the uncertainty of trial. Under the terms of the settlement, a $440,000 settlement fund will be established to cover attorneys’ fees ($146,666.67), attorneys’ costs ($25,000), settlement administration costs, and class representative awards ($5,000). The remainder of the settlement will cover benefits to class members.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Class members may submit a claim for reimbursement of documented out-of-pocket expenses fairly traceable to the data breach, including unreimbursed losses to identity theft and fraud, credit monitoring costs, professional fees, and other reasonable expenses. The claims are capped at $5,000 per class member. Individuals may claim a pro rata cash payment, which will be paid out of the remainder of the settlement funds, and individuals who had their Social Security numbers compromised may choose to receive a cash payment of up to $500, which will be paid pro rata depending on the number of valid claims. Individuals who claim a cash payment under the Social Security number benefit package can also submit a claim for reimbursement of losses, but cannot claim two cash payments.
The settlement has received preliminary approval from the court, and the final fairness hearing is scheduled for October 14, 2025. The deadline for objection to and exclusion from the settlement is August 26, 2025, and the deadline for submitting a claim is September 25, 2025.
