$3.5M Settlement Agreed to Resolve Group Health Cooperative of South Central Wisconsin Data Breach Lawsuit
Group Health Cooperative of South Central Wisconsin, a non-profit, member-owned health plan with approximately 70,000 members, has agreed to settle a consolidated class action lawsuit stemming from a cyberattack and data breach detected in January 2024.
Suspicious activity was identified within its computer systems, and the forensic investigation confirmed unauthorized access to its network. The file review determined that the protected health information of more than 533,000 current and former members and their dependents had been exposed in the attack. Data compromised in the incident included names, addresses, telephone numbers, email addresses, dates of birth, Social Security numbers, member names, and Medicare/Medicaid numbers.
Several lawsuits were filed in response to the data breach, which were consolidated as they had overlapping claims. The consolidated lawsuit, Pearson, et al. v. Group Health Cooperative of South Central Wisconsin, was filed in the Circuit Court of Dane County, Wisconsin, and asserted claims of negligence, negligence per se, breach of fiduciary duty, breach of implied contract, and unjust enrichment. The defendant denies any wrongdoing and liability and disagrees with all of the claims.
After considering the likely costs, time, and distraction from continuing with the litigation, as well as the risks associated with a trial and related appeals, the plaintiffs and the defendant agreed to a settlement. The settlement has received preliminary approval from the court and will see the defendant establish a $3,500,000 settlement fund to pay benefits to the class members.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
All class members are entitled to enroll for a three-year membership to a CyEx medical data monitoring product, which includes real-time single-bureau credit monitoring, dark web scanning, security freeze assistance, and identity theft resolution services, along with a $1 million identity theft insurance policy. Claims may also be submitted for reimbursement of documented, unreimbursed losses due to the data breach up to a maximum of $5,000 per class member.
As an alternative to a claim for losses, class members may elect to receive a one-time cash payment, which will be paid pro rata from the remainder of the settlement fund after attorneys’ fees and expenses, settlement administration and notification costs, service awards for each of the nine named plaintiffs, medical monitoring costs, and claims have been paid. Based on a typical claim rate, the cash payments are expected to be approximately $100.
The deadline for submitting a claim is January 20, 2026, and the final fairness hearing is scheduled for February 4, 2026. Individuals wishing to object to the settlement or exclude themselves must do so by January 5, 2026.
