Medusind to Pay $5 Million to Settle Data Breach Litigation
Medusind has agreed to pay $5,000,000 to settle a consolidated class action lawsuit over a 2023 data breach. Medusind is a revenue cycle management and practice management software vendor based in Florida. On or around December 29, 2023, the firm identified unauthorized access to its computer systems and found evidence to suggest that files had been exfiltrated from its network. The file review confirmed that more than 701,000 individuals had protected health information exposed in the incident, including names, contact information, health insurance information, medical histories, driver’s license numbers, passport numbers, and Social Security numbers. Notification letters were mailed to the affected individuals more than a year after the intrusion was detected.
Victims of the breach took legal action against Medusind, claiming negligence for failing to implement reasonable and appropriate safeguards to protect individuals’ personal and protected health information. Eight separate complaints were filed in response to the data breach. Since they had overlapping claims, they were consolidated into a single action in the United States District Court for the Southern District of Florida – Ashley Owings v. Medusind, Inc. Medusind denies any fault or liability and disagrees with all claims and contentions in the lawsuit. Following mediation on June 10, 2025, all parties agreed to settle the lawsuit, with no admission of wrongdoing by Medusind.
The settlement agreement includes cash benefits for class members, credit monitoring services, statutory awards for the California subclass, and injunctive relief. Medusind will establish a $5 million settlement fund from which the attorneys’ fees and expenses, settlement administration costs, class representative awards for each of the nine named plaintiffs, credit monitoring costs, and cash payments will be paid.
Two cash payments have been offered. Class members may either submit a claim for documented, unreimbursed losses related to the data breach up to a maximum of $5,000. Alternatively, a claim may be submitted for a pro rata cash payment, which is estimated to be around $100 per class member. Cash payments will be paid pro rata after legal costs, expenses, and credit monitoring costs have been deducted from the settlement fund. California residents may claim an additional statutory award, estimated to be $100. All class members are entitled to claim two years of complimentary credit monitoring services.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
In addition to the $5,000,000 settlement, Medusind has agreed to implement additional security measures. Prior to receiving final approval, Medusind will provide class counsel with a written attestation regarding the security measures that have been implemented. Class members wishing to exclude themselves from or object to the settlement have until December 14, 2025, to do so. Claims must be submitted by December 29, 2025, and the final approval hearing has been scheduled for January 12, 2026.
