R1 RCM & Dignity Health to Pay $675,000 to Settle Data Breach Lawsuit
A $675,000 settlement has been agreed upon to resolve a class action data breach lawsuit against R1 RCM Inc., a revenue cycle management company, and Dignity Health – St. Rose Dominican Hospital, Rosa de Lima Campus in Henderson, Nevada.
The lawsuit stems from a data breach at R1 RCM, which was detected on November 23, 2023. R1 RCM determined that the hacker had exfiltrated sensitive data such as names, contact information, dates of birth, Social Security numbers, service locations, diagnosis information, patient account numbers, and medical record numbers. The data breach was reported to the HHS’ Office for Civil Rights as affecting 16,121 individuals.
The lawsuit – Heather Hillbom v. R1 RCM, Inc. and Dignity Health dba Dignity Health – St. Rose Dominican Hospital, Rosa de Lima Campus – was filed in the U.S. District Court for the District of Nevada on April 5, 2024, and alleged that the defendants were negligent by failing to implement reasonable and appropriate safeguards to ensure the confidentiality of patient data. The defendants maintain there was no wrongdoing and that there is no liability; however, the decision was made to settle the lawsuit to avoid the costs and risks associated with continuing with the litigation.
Under the terms of the settlement, class members are entitled to claim two years of three-bureau credit monitoring services and identity theft protection services through CyEx Medical Shield Total. In addition, all class members may claim a monetary payment, which will be calculated after attorneys’ fees, credit monitoring costs, legal expenses, settlement administration costs, service awards, and claims for out-of-pocket expenses have been deducted from the settlement fund. Claims may also be submitted for reimbursement of documented, unreimbursed, out-of-pocket losses. Up to $500 may be claimed as reimbursement for ordinary out-of-pocket expenses, and up to $2,500 for extraordinary out-of-pocket expenses, such as losses to fraud and identity theft.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
The settlement has received preliminary approval from the court, and the final fairness hearing is scheduled for November 14, 2025. The deadline for objecting to and exclusion from the settlement is October 13, 2025, and all claims must be received by November 11, 2025.
