Oglethorpe Settles Data Breach Lawsuit
Oglethorpe, a Tampa, FL-based network of mental health and addiction recovery treatment facilities, was sued in response to a June 2025 hacking incident in which the personal and protected health information of 92,000 current and former patients and employees was stolen. The lawsuit has recently been settled and a cash fund of $350,000 will be created to cover benefits for class members.
The hacking incident was discovered in June 2025. The forensic investigation determined that the hacker exfiltrated information such as names, Social Security numbers, driver’s license or state identification numbers, and medical information. The affected individuals started to be notified about the incident on October 31, 2025. Multiple class action lawsuits were filed in response to the data breach, alleging that it could have been prevented had reasonable and appropriate cybersecurity measures been implemented.
The lawsuits were consolidated – Scott, et al. v. Oglethorpe, Inc.– in the Circuit Court for Broward County, Florida, since they had overlapping claims and were based on the same facts. The consolidated lawsuit asserted claims for negligence, negligence per se, breach of implied contract, and unjust enrichment, as well as requesting declaratory and injunctive relief. Oglethorpe denies wrongdoing, fault, and liability.
All parties explored the opportunity for early resolution of the lawsuit to avoid unnecessary legal costs and the uncertainty of a trial and related appeals. Following several weeks of arms-length negotiations, a settlement was agreed upon that was acceptable to all parties. Under the terms of the settlement, Oglethorpe has agreed to cover attorneys’ fees and expenses, settlement administration and notification costs, and service awards for the class representatives. A fund of $350,000 will be created to cover benefits for the class members.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
All class members may enroll in one year of medical data monitoring services, which include a $1 million medical identity theft insurance policy. They may also claim one of two cash benefits: A claim may be submitted for reimbursement of documented, unreimbursed losses due to the data breach up to a maximum of $2,500 per class member, or a claim may be submitted for an alternative one-time cash payment of $75. That cash payment is subject to a pro rata reduction should the claim total exceed $350,000.
The settlement has received preliminary approval from the court, and the final fairness hearing has been scheduled for June 22, 2026. Claims must be submitted by August 8, 2026, and individuals wishing to object to the settlement or exclude themselves must do so by June 8, 2026.
