Granite Wellness Centers & Pediatric Home Service Settle Class Action Data Breach Lawsuits
Granite Wellness Centers in California and Pediatric Home Service in Minnesota have both settled lawsuits stemming from cyberattacks that exposed sensitive patient data.
Granite Wellness Centers Data Breach Settlement
Granite Wellness Centers, a network of drug addiction treatment centers in Northern California, has agreed to settle class action litigation over a January 2021 ransomware attack and data breach that affected up to 15,600 individuals. The attack was detected on or around January 5, 2021, and the forensic investigation confirmed that the ransomware actor acquired files containing sensitive patient data, including names, dates of birth, home addresses, dates of care, treatment information, treatment providers, health information, health insurance information, driver’s license numbers, medical histories, Social Security numbers, and bank account numbers.
The affected individuals were notified on or around March 5, 2021, and the first class action lawsuit was filed on June 14, 2023. An amended complaint was filed in September 2023 – Bente, et al. v. Granite Wellness Centers – in the Superior Court of the State of California, County of Placer. The lawsuit asserted claims for negligence, negligence per se, breach of implied contract, unjust enrichment, and declaratory judgment. Granite Wellness Centers maintains that there was no wrongdoing and denies claims that the exposure of data caused any harm to individuals. Following mediation, all parties agreed to settle the litigation to avoid the cost and risk of a trial, with no admission of wrongdoing or liability by the defendant.
Granite Wellness Centers has agreed to establish a $725,000 settlement fund to cover all costs associated with the litigation, including attorneys’ fees (up to 33.33% of the fund), litigation expenses (up to $20,000), service awards for the class representatives (up to $2,000 per class representative), and class member benefits. There are three types of payments available to class members. A claim may be submitted for a pro rata cash payment, estimated to be approximately $750 per class member, but may be higher or lower depending on the number of claims submitted. A claim may be submitted for reimbursement of documented, unreimbursed losses due to the data breach up to a maximum of $5,000 per class member, and California residents at the time of the data breach may submit a claim for an additional statutory $100 cash payment.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
The deadline for opting out and objecting is March 28, 2026. The deadline for submitting a claim is April 27, 2026, and the final fairness hearing has been scheduled for April 28, 2026.
Pediatric Home Service Data Breach Settlement
Pediatric Home Respiratory Services (Pediatric Home Service), a Roseville, MN-based independent children’s home healthcare provider, has agreed to settle litigation stemming from a November 2024 cyberattack and data breach. The lawsuit claims that 43,634 individuals were affected by the data breach. The HHS’ Office for Civil Rights was informed that the protected health information of 41,792 patients was exposed in the incident. The Pediatric Home Service cyberattack was detected on November 7, 2024, and the forensic investigation confirmed that an unauthorized third party accessed its network between November 1, 2024, and November 7, 2024. The affected individuals were notified on January 8, 2025.
Two class action lawsuits were filed in response to the data breach, which were consolidated into a single complaint – In re Pediatric Home Respiratory Services, LLC d/b/a Pediatric Home Service Litigation –in the District Court for Ramsey County, Minnesota. The lawsuit asserted claims of negligence, negligence per se, breach of implied contract, violation of the Minnesota Health Records Act, breach of fiduciary duty, declaratory judgment, and unjust enrichment. Pediatric Home Service denies all claims and contentions in the lawsuit and maintains there was no wrongdoing. Pediatric Home Service sought to have the lawsuit dismissed for lack of standing and failure to state a claim. The plaintiffs opposed the motion, and following mediation, a settlement was agreed to resolve the litigation.
There are two cash payment options, one of which can be selected by all class members. A claim may be submitted for reimbursement of documented, unreimbursed losses due to the data breach up to a maximum of $1,500 per class member. Alternatively, a one-time cash payment of $50 may be claimed. In addition, a claim may be submitted for a 12- month membership to one of three credit monitoring options: CyEx Medical Shield Complete, CyEx Identity Defense Total, or CyEx Minor Defense Pro (for minors). The deadline for objecting to the settlement and exclusion is April 8, 2026. The claims deadline is April 23, 2026, and the final fairness hearing has been scheduled for May 8, 2026.
