Cigna Data Breach Lawsuit, Hackers Stole Medical Records – Claim Deadline Was January 5, 2026

ByAll About Lawyer Reading Time: 9 minutes

Important: The $5.7 million Cigna LocalPlus settlement claim deadline passed on January 5, 2026. This settlement was for billing errors, not the 2023 Prospect Medical data breach. Multiple Cigna data breach lawsuits from 2023-2025 remain active with no settlements announced yet. Law firms are still investigating data breach claims as of January 2026.

The 2023 Prospect Medical Data Breach Affecting Cigna

Hackers accessed Cigna policyholder information through Prospect Medical Holdings’ network between July 31 and August 3, 2023. The breach exposed names, Social Security numbers, addresses, birth dates, diagnoses, lab results, medications, treatment details, health insurance information, and financial data. Cigna sent breach notification letters on January 31, 2024.

Prospect Medical provides administrative services for healthcare providers who contract with Cigna. The unauthorized access happened when hackers got into Prospect’s computer network and downloaded files containing sensitive patient data from multiple insurance companies, including Cigna.

Who Got Affected by the Data Breach

The breach impacted Cigna policyholders whose information was stored on Prospect Medical’s systems. According to the Massachusetts Attorney General, Cigna had disclosed policyholder information to Aquent, a third-party staffing company, which then shared it with Prospect Medical.

If you received a data breach notification letter from Cigna in January 2024 or later, your information was part of this breach. The security breach happened within Prospect Medical’s network, not directly on Cigna or Aquent systems.

What Legal Claims Are Being Made

Law firms investigating the Prospect Medical breach are examining potential claims for:

  • Negligence in protecting sensitive health data
  • Breach of fiduciary duty
  • Violations of state consumer protection laws
  • Failure to implement reasonable security measures
  • Inadequate monitoring and response to security threats

As of January 2026, no class action lawsuit has been filed specifically for the 2023 Prospect Medical breach affecting Cigna customers. Law firms are still accepting consultations from affected individuals.

The Separate $5.7 Million LocalPlus Settlement (Deadline Passed)

This settlement had nothing to do with the data breach. Cigna agreed to pay $5.71 million to resolve claims it misclassified out-of-network providers as in-network due to a billing system error. The claim deadline was January 5, 2026.

This settlement covered:

  • People with Cigna LocalPlus plans
  • Who received balance bills because providers were listed as in-network when they were actually out-of-network
  • Due to a configuration error in Cigna’s benefits system

Payments went to people who submitted proof of balance bills by the deadline. This was about billing mistakes, not hacked medical records.

Other Ongoing Cigna Lawsuits in 2026

December 2025 Vendor Breach A customer filed a class action in Connecticut federal court claiming Cigna failed to protect data during a breach at a support services vendor between October 2024 and January 2025. The stolen data appeared online. This case is separate from the Prospect Medical breach.

Pennsylvania Website Tracking Case (July 2025) Cigna health plan members sued claiming the company tracked their website activities and failed to protect their data. Cigna asked the court to dismiss the case, saying plaintiffs didn’t show how their information was intercepted. The case is ongoing as of January 2026.

Claims Denial Lawsuit Hannah Veinbergs filed a California federal lawsuit claiming Cigna uses an algorithm to automatically deny payment requests for medical procedures in batches without individual review. This case involves insurance claim practices, not data security.

Cigna Data Breach Lawsuit, Hackers Stole Medical Records - Claim Deadline Was January 5, 2026

What Information Got Stolen in the Prospect Breach

The compromised data included:

  • Full names
  • Social Security numbers
  • Home addresses
  • Dates of birth
  • Medical diagnoses
  • Laboratory test results
  • Prescription medications
  • Treatment information
  • Health insurance details
  • Dates of medical treatment
  • Financial information

This type of data can be used for identity theft, medical fraud, insurance fraud, and tax fraud for years after a breach.

Why No Settlement Exists Yet for the Data Breach

Data breach class actions typically take 2-4 years from breach to settlement. The Prospect Medical breach happened in August 2023. Cigna sent notification letters in January 2024. As of January 2026, that’s only about 2 years since the breach was discovered.

The process usually involves:

  • Investigation by attorneys (6-12 months)
  • Filing the lawsuit (after investigation)
  • Class certification motions (6-12 months)
  • Discovery and depositions (12-24 months)
  • Settlement negotiations or trial
  • Final approval (3-6 months)

Law firms are still in the investigation phase for the Prospect Medical breach, which is why no lawsuit has been filed yet.

What You Should Do If You Got a Breach Notice

Check Your Credit Reports Get free reports from all three bureaus at AnnualCreditReport.com. Look for accounts you didn’t open or inquiries you didn’t authorize.

Place a Fraud Alert Contact one credit bureau to place a fraud alert on your file. It lasts one year and makes it harder for identity thieves to open accounts in your name.

Consider a Credit Freeze This blocks new creditors from accessing your credit report, preventing most identity theft. It’s free and you can lift it when needed.

Monitor Medical Statements Review explanation of benefits statements from your insurance company. Look for services you didn’t receive or providers you didn’t visit.

Watch for Tax Fraud File your taxes early. Thieves use stolen Social Security numbers to file fraudulent returns and claim refunds.

Save Your Breach Notice Keep the letter from Cigna showing you were affected. You’ll need it if a class action lawsuit is filed and you want to participate.

Free Credit Monitoring Offered by Cigna

Cigna typically offers affected individuals 12-24 months of free credit monitoring and identity theft protection services through companies like Experian or Kroll. Check your breach notification letter for instructions on how to enroll.

These services usually include:

  • Credit monitoring from all three bureaus
  • Dark web monitoring for your personal information
  • Identity theft insurance (usually $1 million coverage)
  • Fraud resolution services

Enroll even if you don’t think you need it. The protection is free and identity theft can happen months or years after a breach.

How Data Breach Settlements Usually Work

When settlements do happen, they typically offer:

Cash Payments

  • Usually $25-$200 per person for documented time spent dealing with the breach
  • Higher amounts for actual identity theft (up to several thousand dollars with proof)

Reimbursement for Losses

  • Out-of-pocket costs related to identity theft
  • Credit monitoring fees you paid yourself
  • Time spent recovering from fraud (usually $15-25 per hour)

Extended Credit Monitoring

  • Additional years of free monitoring beyond what the company already provided

The $5.7 million LocalPlus settlement is not typical for data breaches—that was about billing errors, not stolen data.

Can You Still File a Claim Later?

If a class action lawsuit gets filed for the Prospect Medical data breach, eligible class members will receive notices by mail or email explaining:

  • How to file a claim
  • What documentation you need
  • Claim deadlines (usually 60-120 days after notice)
  • Your right to opt out or object

You don’t need to do anything right now. If you received a breach notice from Cigna in 2024, you’re likely in the class automatically if a lawsuit is certified.

Should You Contact a Lawyer Now?

You can contact law firms investigating the breach for a free consultation. Many data breach attorneys work on contingency, meaning they only get paid if the case settles or wins.

However, understand that:

  • No lawsuit has been filed yet for the Prospect Medical breach
  • No settlement exists
  • No compensation is available right now
  • Law firms are still investigating

If you experienced actual identity theft or financial losses because of the breach, document everything. You may have stronger individual claims.

The December 2025 Vendor Breach (New Case)

A completely separate breach occurred between October 2024 and January 2025 involving a Cigna support services vendor. A customer filed a class action in Connecticut federal court on December 18, 2025.

This breach is different from the 2023 Prospect Medical incident. The stolen data from this vendor appeared online. The lawsuit claims Cigna failed to protect customer data and should have prevented the breach.

As of January 2026, this case is brand new with no developments beyond the initial filing.

What Makes Healthcare Data Valuable to Hackers

Medical records sell for $250-$1,000 each on the dark web, compared to $1-$2 for credit card numbers. Here’s why:

Medical Identity Theft Thieves use stolen health information to get medical services, prescription drugs, or file fraudulent insurance claims.

Tax Fraud Social Security numbers from medical records are used to file fake tax returns before victims file their own.

Financial Fraud Full name, address, birth date, and SSN together allow thieves to open bank accounts, credit cards, and loans.

Blackmail Sensitive health information like mental health diagnoses, HIV status, or addiction treatment can be used for extortion.

How Long Before Identity Theft Happens

Data breach victims face elevated risk of identity theft for 3-5 years after a breach. Criminals often wait months or years before using stolen information to avoid detection during heightened monitoring periods.

Keep monitoring your credit and financial accounts even after free monitoring expires. Consider paying for monitoring services if the breach included your Social Security number.

Comparing This to Other Healthcare Data Breaches

Anthem (2015) Hackers stole data from 78.8 million people. Settlement paid $115 million with most victims receiving $50-$100.

Premera Blue Cross (2015) 11 million people affected. Settlement paid $74 million with average payments of $200-$300 for documented losses.

UCLA Health (2015) 4.5 million patients affected. Settlement paid $7.5 million with typical payments of $200 or reimbursement for documented losses up to $20,000.

The Prospect Medical breach affecting Cigna customers is significantly smaller, which may affect potential settlement amounts if a case is filed.

What Cigna Says About the Breach

Cigna has not publicly commented extensively on the Prospect Medical breach beyond the notification letters sent in January 2024. The company’s position is that the breach occurred on Prospect Medical’s systems, not Cigna’s own network.

However, plaintiffs’ attorneys argue Cigna had a duty to ensure third-party vendors like Prospect Medical adequately protected patient data. This is a common argument in data breach cases involving vendors.

HIPAA Violations and Government Penalties

The breach may violate the Health Insurance Portability and Accountability Act (HIPAA), which requires healthcare entities to protect patient information. The Department of Health and Human Services Office for Civil Rights investigates HIPAA violations.

Penalties for HIPAA violations can reach $50,000 per violation with annual maximums of $1.5 million. However, these fines go to the government, not affected patients.

Class action lawsuits provide the mechanism for patients to seek individual compensation for breaches.

Frequently Asked Questions About Cigna Data Breaches

Is there a Cigna data breach settlement I can claim right now?

No. The $5.7 million settlement was for billing errors (deadline passed January 5, 2026). No settlement exists for the 2023 Prospect Medical data breach.

How do I know if I was affected?

If you received a breach notification letter from Cigna in January 2024 or later, you were affected. The letter would specifically mention “data breach” or “security incident.”

Can I still file a claim if I missed the January 5 deadline?

That deadline was only for the LocalPlus billing settlement, not the data breach. If a data breach lawsuit is filed, you’ll get separate notices.

What should I do if I didn’t receive a letter?

If you were a Cigna policyholder in 2023 but didn’t receive a letter, your information may not have been affected. You can check HaveIBeenPwned.com or contact Cigna customer service.

How much money can I get?

Unknown. No lawsuit has been filed yet for the data breach. Typical data breach settlements pay $50-$200 per person or reimburse documented losses.

Do I need proof I was harmed?

For basic settlement payments, usually no. For larger payments, you typically need proof of identity theft, fraud, or out-of-pocket costs.

Will filing a claim affect my insurance?

No. Participating in a class action lawsuit does not affect your insurance coverage or rates.

What if I’ve switched insurance companies?

If you were a Cigna policyholder when the breach occurred in 2023, you’re still eligible to participate if a lawsuit is filed.

How long does it take to get paid?

From breach to final settlement payments typically takes 3-5 years. The Prospect Medical breach was in August 2023, so payments wouldn’t likely happen until 2026-2028 at the earliest.

Should I accept a settlement or opt out?

Most people stay in the class action. Only opt out if you have large documented losses and want to file your own lawsuit, which is expensive and time-consuming.

Can I sue separately?

Yes, but you must opt out by the deadline when class notices are sent. Individual lawsuits are rarely worth it unless you have substantial documented damages exceeding $25,000.

What about the December 2025 breach?

That’s a separate, newer breach. A lawsuit was just filed in December 2025. No settlement or claim process exists yet for that breach either.

This article provides information about Cigna data breaches and related lawsuits based on court records and public notices as of January 2026. It is not legal advice. For questions about your specific situation, consult a qualified data breach attorney.

About the Author

Sarah Klein, JD

Sarah Klein, JD, is a licensed attorney and legal content strategist with over 12 years of experience across civil, criminal, family, and regulatory law. At All About Lawyer, she covers a wide range of legal topics — from high-profile lawsuits and courtroom stories to state traffic laws and everyday legal questions — all with a focus on accuracy, clarity, and public understanding.
Her writing blends real legal insight with plain-English explanations, helping readers stay informed and legally aware.
Read more about Sarah

Leave a Reply

Your email address will not be published. Required fields are marked *