Numotion Agrees to Pay $4 Million to Settle Litigation Stemming from 2024 Data Breaches
The mobility equipment provider United Seating and Mobility, doing business as Numotion, has agreed to settle class action litigation stemming from two data security incidents in 2024 that involved unauthorized access to the protected health information of hundreds of thousands of its customers.
The first incident was detected by Numotion on March 2, 2024. The forensic investigation confirmed that an unauthorized third party gained access to its systems, which, according to the lawsuit, contained the personal and protected health information of 685,264* current and former customers and employees. The ransomware group had access to its network between February 29, 2024, and March 2, 2024, and potentially obtained names, dates of birth, equipment order details, supporting medical documentation, medical insurance information, and, for certain individuals, Social Security numbers.
The second data security incident was a phishing incident, discovered on September 29, 2024, involving unauthorized access to email accounts. The data review confirmed that the personal and protected health information of 494,326 individuals* was present in the compromised accounts, including names, dates of birth, product information, payment and financial account information, health insurance information, medical information, and limited Social Security numbers.
Multiple class action lawsuits were filed in response to each data breach, which were consolidated into two separate actions. In March 2025, the parties in each of the two consolidated actions explored the early resolution of both lawsuits in a single settlement. Following a full day of mediation and arms-length negotiations, the material terms of a settlement were agreed upon, and over the following weeks, a settlement was finalized with no admission of liability or wrongdoing by the defendant. That settlement has now received preliminary approval from the court.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Under the terms of the settlement, Numotion has agreed to establish a $4,000,000 settlement fund to cover attorneys’ fees and expenses (up to $1,333,333.33), settlement administration costs, service awards for the class representatives, and benefits for the class members. There are two possible cash payments. Class members may submit a claim for reimbursement of documented, unreimbursed losses due to the data breach up to a maximum of $15,000 per class member, plus a pro rata cash payment. The cash payments will be paid pro rata if the costs and other benefits do not exhaust the settlement fund.
All class members will receive two years of complimentary credit monitoring services without submitting a claim, and the subclass of individuals who had their Social Security numbers exposed may submit a claim for two years of medical monitoring services. The deadline for opting out of and objection to the settlement is March 3, 2026, and claims must be submitted by March 18, 2026. The final approval hearing was scheduled for April 2, 2026.
*The HHS’ Office for Civil Rights was informed that the first incident involved the protected health information of up to 602,265 individuals, and the second data breach involved the protected health information of up to 529,004 individuals.
