- Today
- Holidays
- Birthdays
- Reminders
- Cities
- Atlanta
- Austin
- Baltimore
- Berwyn
- Beverly Hills
- Birmingham
- Boston
- Brooklyn
- Buffalo
- Charlotte
- Chicago
- Cincinnati
- Cleveland
- Columbus
- Dallas
- Denver
- Detroit
- Fort Worth
- Houston
- Indianapolis
- Knoxville
- Las Vegas
- Los Angeles
- Louisville
- Madison
- Memphis
- Miami
- Milwaukee
- Minneapolis
- Nashville
- New Orleans
- New York
- Omaha
- Orlando
- Philadelphia
- Phoenix
- Pittsburgh
- Portland
- Raleigh
- Richmond
- Rutherford
- Sacramento
- Salt Lake City
- San Antonio
- San Diego
- San Francisco
- San Jose
- Seattle
- Tampa
- Tucson
- Washington
Capital Health Settles $4.5M Lawsuit Over 2023 Data Breach
The healthcare provider agreed to the settlement with no admission of liability.
Feb. 4, 2026 at 6:47am
Got story updates? Submit your updates here. ›
Capital Health has agreed to pay $4.5 million to settle a class action lawsuit stemming from a 2023 ransomware attack that exposed the personal and medical data of over 500,000 patients. The settlement includes cash payments and credit monitoring services for affected individuals, as well as commitments by Capital Health to enhance data security measures.
Why it matters
This case highlights the significant legal and financial consequences healthcare providers can face when patient data is compromised in a cyberattack. The settlement underscores the importance of robust cybersecurity practices to protect sensitive information and the need for transparency when data breaches occur.
The details
In November 2023, Capital Health's systems were infiltrated by the LockBit ransomware group, which claimed to have stolen 7 TB of patient data. The breach exposed names, contact information, Social Security numbers, and medical records of over 500,000 individuals. Multiple class action lawsuits were filed, which were eventually consolidated. After negotiations, Capital Health agreed to pay $4.5 million to settle the case, with no admission of wrongdoing. Class members can claim up to $5,000 for documented losses or a $100 cash payment, as well as three years of credit monitoring.
- On or around November 26, 2023, Capital Health identified unauthorized activity within its computer systems.
- The LockBit ransomware group claimed responsibility for the attack and threatened to publish the stolen data on January 9, 2024.
- The first class action lawsuit over the attack was filed on December 19, 2023.
- The consolidated class action lawsuit was filed in May 2025.
- The final fairness hearing for the settlement is scheduled for July 14, 2026.
The players
Capital Health Systems, Inc.
A healthcare provider that operates two hospitals and many primary care clinics in New Jersey and Pennsylvania.
LockBit
A criminal cyber actor group that claimed responsibility for the ransomware attack on Capital Health's systems.
Bruce Graycar, et al.
The plaintiffs in the consolidated class action lawsuit against Capital Health.
What’s next
The deadline for objection to and opting out of the settlement is March 9, 2026. The deadline for submitting a claim is April 6, 2026.
The takeaway
The Capital Health data breach settlement underscores the importance of robust cybersecurity measures and transparency in the healthcare industry to protect sensitive patient information and mitigate the impact of data breaches.
