NextGen Healthcare’s $19.4M Settlement Pays Up To $7,500 For Data Breach—File By March 30, 2026 At NGHDataBreachLitigation
NextGen Healthcare agreed to a $19.4 million settlement resolving class action lawsuits over an April 2023 ransomware attack that exposed sensitive medical information of over 1 million patients. The settlement, approved by the U.S. District Court for the Northern District of Georgia (Case No. 1:23-cv-02043-TWT, Miller v. NextGen Healthcare Inc.), provides affected patients cash payments up to $7,500 for documented losses, $250 for lost time, or alternative payments of $50 ($150 for California residents), plus 3 years of free identity protection.
If you received a breach notification letter from NextGen Healthcare or your healthcare provider, you have until March 30, 2026 to file your claim at NGHDataBreachLitigation.com. The breach exposed names, Social Security numbers, driver’s license numbers, dates of birth, medical records, health insurance information, and treatment data—creating serious identity theft and medical fraud risks lasting years. Hackers accessed NextGen systems from March 29 to April 14, 2023, but the company didn’t discover the breach until April 28, 2023.
This affects you if your medical information was processed through NextGen Healthcare’s systems and you received a data breach notification. NextGen provides electronic health record services to over 1,600 healthcare organizations nationwide. Understanding what compensation you’re entitled to and how to claim it could mean recovering thousands of dollars for breach-related expenses.
What the $19.4 Million NextGen Healthcare Settlement Covers
Settlement Terms and Current Status
The $19.4 million NextGen Healthcare data breach settlement resolves consolidated class action claims that the healthcare technology company failed to adequately protect patient information, resulting in unauthorized ransomware access to sensitive medical data. NextGen denies all wrongdoing but agreed to settle to avoid litigation costs and compensate affected patients.
The court granted preliminary approval on October 30, 2025. The final approval hearing is scheduled for February 17, 2026 at 10:00 a.m. in the U.S. District Court for the Northern District of Georgia, Atlanta Division. If the court grants final approval, payments will be distributed approximately 75 days after final approval or 30 days after the settlement becomes effective, whichever is later—likely April or May 2026.
What the Lawsuits Alleged About the Breach
The consolidated class action alleged NextGen could have prevented the data breach through reasonable cybersecurity measures. Plaintiffs claimed the company failed to implement adequate security safeguards, didn’t detect unauthorized access promptly, and delayed notifying affected patients. The breach allegedly occurred when hackers gained access using stolen credentials from one of NextGen’s clients, accessing a NextGen Office storage system containing patient data from multiple healthcare providers.
Plaintiffs asserted 25 claims including negligence, breach of implied contract, breach of fiduciary duty, unjust enrichment, invasion of privacy, and violations of state consumer protection laws in California, Georgia, Illinois, Iowa, Maine, Massachusetts, Missouri, Montana, Nevada, New Jersey, New York, North Carolina, Oregon, Pennsylvania, Texas, and Wisconsin.
What the NextGen Healthcare Data Breach Involved
How Hackers Accessed Patient Data
NextGen detected the third-party criminal cyberattack on April 28, 2023. The investigation revealed that between March 29 and April 14, 2023, an unauthorized third party used stolen provider credentials—apparently stolen from sources unrelated to NextGen—to gain access to the NextGen Office system. The hackers exfiltrated a large volume of sensitive patient data during the 17-day access period.
The breach affected 1,049,375 patients according to reports filed with the Maine Attorney General. This was NextGen’s second ransomware attack in months—the company experienced a BlackCat ransomware attack in January 2023, just three months before this April incident. NextGen began issuing breach notification letters to affected patients in May 2023, shortly after discovery.
What Sensitive Medical Information Was Exposed
The compromised data included highly sensitive personal and health information: patient names, contact details (addresses, phone numbers, email), dates of birth, Social Security numbers, driver’s license numbers, health records data (diagnoses, medications, test results, treatments, clinical notes), health insurance information, provider names, dates of service, medical record numbers, and payment details. The specific information exposed varies by individual based on what their healthcare provider stored in NextGen systems.
Medical data exposure is especially dangerous because it enables medical identity theft—criminals using your information to obtain medical services, prescription drugs, or submit fraudulent insurance claims in your name. Unlike credit cards you can cancel, you can’t change your medical history or Social Security number. Healthcare data sells for 10-50 times more than credit card data on the dark web because it’s more valuable for long-term fraud and harder to detect when misused.
Who Qualifies for the $19.4M Settlement and How Much You Can Get
Am I Eligible for the NextGen Healthcare Settlement?
You’re a settlement class member if NextGen Healthcare identified you as someone whose private information may have been impacted by the April 2023 data breach. All identified settlement class members were mailed notice of the proposed settlement—if you received a notice, you’re likely eligible. You can confirm eligibility by visiting NGHDataBreachLitigation.com or calling the settlement administrator at (833) 630-5369.
You don’t need proof of identity theft or financial harm—just a breach notification letter confirming your data was exposed. Your healthcare provider must be one of NextGen’s clients whose patient data was stored in the compromised NextGen Office system during March-April 2023.
How Much Money Can I Claim From the Settlement?
The $19.4 million settlement provides multiple compensation options—you must choose ONE cash payment option:
Out-of-Pocket Losses (Documented): Up to $7,500 per person for documented unreimbursed losses fairly traceable to the data breach. Eligible expenses include identity theft remediation costs, credit freeze and unfreeze fees, credit monitoring services you purchased, fraudulent charges, costs to obtain credit reports, notary fees, postage, copying, mileage, and other expenses incurred on or after March 29, 2023. You must provide reasonable documentation like receipts, invoices, bank statements, or correspondence proving your losses.
Lost Time Reimbursement: Up to $250 for time spent remedying fraud, identity theft, other misuse of your information, or taking preventative measures. Lost time is paid at $25 per hour. If you’re claiming documented out-of-pocket losses, you can claim up to 10 hours ($250 maximum). Without documented losses, you can self-certify up to 5 hours ($125 maximum). Time can be claimed in 15-minute increments.
Alternative Cash Payment: An estimated $50 pro rata payment ($150 for California residents) without requiring any documentation. The actual amount depends on the number of claims filed and remaining settlement funds after documented loss claims are paid.
Identity Defense Services: All class members receive 3 years of free Identity Defense Services and Restoration Services regardless of which cash option you choose. Services begin around March 20, 2026 or when the settlement becomes final.
All cash payments are subject to pro rata adjustment if total valid claims exceed the settlement fund after attorneys’ fees (up to one-third of $19.4 million), administrative costs, and service awards ($2,500 each to class representatives) are deducted.
What You Must Know
Your Rights Under the NextGen Healthcare Settlement
As a settlement class member, you can file a claim to receive compensation—this is the only way to get settlement benefits. You can opt out (exclude yourself) by February 12, 2026, preserving your right to sue NextGen separately but receiving no settlement money. You can object to settlement terms by February 12, 2026 if you think they’re unfair—you’ll stay in the settlement but tell the court your concerns.
If you do nothing, you’ll be legally bound by the settlement and release all claims against NextGen Healthcare related to the April 2023 breach, but you won’t receive any compensation unless you file a claim form by March 30, 2026.
Common Mistakes That Cost You Money
Don’t throw away the settlement notice thinking it’s junk mail—it contains your unique claim ID and instructions. Not filing a claim by March 30, 2026 means you get absolutely nothing even if you qualify. Don’t assume automatic payment without filing.
Failing to gather documentation of losses means missing up to $7,500. Keep receipts, bank statements, credit reports showing fraudulent activity, time logs, and records of expenses or time spent addressing the breach. Not reading the settlement notice carefully means you might miss important deadlines or misunderstand your compensation options.
What Happens Next With the Settlement
The court holds the final approval hearing February 17, 2026 at 10:00 a.m. to determine whether to approve the settlement, attorney fees, and service awards. If approved, the settlement administrator processes claims and distributes payments within 75 days after final approval—likely April or May 2026.
Check your claim status at NGHDataBreachLitigation.com or call (833) 630-5369. If your claim is denied, you’ll receive notice and may have an opportunity to provide additional information. Any remaining settlement funds after all valid claims are paid will be used to extend the identity monitoring period or distributed to nonprofit cybersecurity organizations. No money returns to NextGen.
What to Do Next
If You Received a Settlement Notice
Visit NGHDataBreachLitigation.com to verify you’re in the settlement class. Read the entire notice carefully to understand your compensation options and deadlines. Gather documentation for any losses you experienced—identity theft costs, credit monitoring expenses, fraudulent charges, time spent addressing the breach (keep detailed time logs with dates and activities), credit freeze fees, notary fees, postage, mileage, or other out-of-pocket expenses.
Calculate what you can claim based on your documentation. If you have significant documented losses approaching $7,500, gather all supporting receipts and statements. If you don’t have documentation or your losses are minimal, you can still claim the estimated $50 ($150 for California residents) alternative payment. Mark March 30, 2026 on your calendar in bold—missing this deadline means forfeiting all compensation.
How to File Your NextGen Healthcare Settlement Claim
Visit NGHDataBreachLitigation.com and click “File a Claim” to submit online, or download a PDF claim form to mail. Complete all required fields accurately including your name, address, email, phone number, and your unique claim ID from the settlement notice.
Choose ONE cash payment option: (1) Out-of-pocket losses with documentation up to $7,500, (2) Lost time reimbursement up to $250 ($125 without documented losses), or (3) Alternative cash payment of estimated $50 ($150 for California residents) without documentation.
If claiming documented losses or lost time, attach supporting documentation including receipts, bank statements, credit reports, time logs, or correspondence proving your expenses. Make copies of everything before submitting.
Submit your claim online by 11:59 p.m. on March 30, 2026 or mail it postmarked by March 30, 2026 to: NGH Data Breach Litigation, c/o Kroll Settlement Administration LLC, P.O. Box 5324, New York, NY 10150-5391. Keep confirmation of submission—screenshot confirmation numbers for online submissions or certified mail receipts for mailed claims. Call (833) 630-5369 with questions or email [email protected].
Your Options to Opt Out or Object
To opt out (exclude yourself), mail a written request postmarked by February 12, 2026 stating you want to be excluded from Miller v. NextGen Healthcare Inc., Case No. 1:23-cv-02043-TWT. Your request must be personally signed and include your name, address, phone number, and email. Send to the address above. Opting out means you won’t receive settlement money but can pursue your own lawsuit against NextGen.
To object, file a written objection with the court and serve it on class counsel and defendant’s counsel by February 12, 2026. Objections let you tell the court why you disagree with the settlement terms while staying in the settlement. You can appear at the February 17, 2026 final approval hearing to voice your objection in person or through your own attorney.
Frequently Asked Questions
What is the NextGen Healthcare $19.4 million settlement about?
The NextGen Healthcare data breach settlement resolves class action lawsuits alleging the healthcare technology company failed to protect patient information in an April 2023 ransomware attack that exposed medical records, Social Security numbers, and other sensitive data of over 1 million patients. NextGen agreed to pay $19.4 million without admitting wrongdoing.
How much money will I get from the NextGen Healthcare settlement?
You can claim up to $7,500 with documentation of breach-related losses, up to $250 for lost time ($125 without documented losses), or an estimated $50 alternative payment ($150 for California residents) without documentation. All class members also receive 3 years of free identity protection services. Actual amounts vary based on total claims filed.
Am I eligible for the NextGen Healthcare data breach settlement?
You’re eligible if you received a breach notification from NextGen Healthcare or your healthcare provider indicating your information may have been compromised in the April 2023 data incident. You must be identified by NextGen as someone whose private information was impacted. Verify eligibility at NGHDataBreachLitigation.com or call (833) 630-5369.
When is the deadline to file a NextGen Healthcare settlement claim?
The claim deadline is March 30, 2026. Claims must be submitted online by 11:59 p.m. or postmarked by this date. Missing this deadline means you cannot receive any settlement compensation even if you qualify.
What medical information was exposed in the NextGen Healthcare breach?
Exposed data included names, dates of birth, Social Security numbers, driver’s license numbers, addresses, phone numbers, medical diagnoses, medications, test results, treatment information, clinical notes, health insurance details, provider names, dates of service, medical record numbers, and payment information. Specific data exposed varies by individual.
Do I have to file a claim or is payment automatic?
You must file a claim to receive compensation. Even if you’re automatically included in the settlement class, you won’t receive any payment unless you submit a valid claim form by March 30, 2026 at NGHDataBreachLitigation.com or by mail to Kroll Settlement Administration.
When will I receive my settlement check?
Payments will be distributed approximately 75 days after the court grants final approval (scheduled February 17, 2026) or 30 days after the settlement becomes effective, whichever is later. Expect checks in April or May 2026 assuming no appeals.
Last Updated: January 13, 2026 — We keep this current with the latest legal developments.
💡 Pro Tip: File your NextGen Healthcare settlement claim early—don’t wait until March 30, 2026. Early filing ensures your claim is processed without last-minute technical issues or mail delays. If you’re claiming documented losses, filing early gives you time to gather additional documentation if the administrator requests it, maximizing your recovery up to the $7,500 cap.
Legal Disclaimer: This article provides general information about the $19.4M NextGen Healthcare data breach settlement and is intended for educational purposes only. It does not constitute legal advice. Settlement terms are subject to final court approval. AllAboutLawyer.com is not affiliated with the settlement administrator, Kroll Settlement Administration LLC, or class counsel. For specific legal advice about the NextGen Healthcare settlement or your claim, consult a qualified attorney experienced in data breach litigation. Information is based on publicly available settlement documents, court filings, and official settlement website details current as of January 13, 2026.
File Your Claim Now:
- Official settlement website: NGHDataBreachLitigation.com
- Settlement administrator: Kroll Settlement Administration LLC
- Phone: (833) 630-5369
- Email: [email protected]
- Claim deadline: March 30, 2026
Related: Learn how to protect yourself with our guides on Kaiser class action lawsuit $47.5M settlement, Yale New Haven $18M data breach settlement, and Nelnet data breach class action lawsuit $10M settlement.
Stay informed, stay protected. — AllAboutLawyer.com
About the Author
Sarah Klein, JD, is a licensed attorney and legal content strategist with over 12 years of experience across civil, criminal, family, and regulatory law. At All About Lawyer, she covers a wide range of legal topics — from high-profile lawsuits and courtroom stories to state traffic laws and everyday legal questions — all with a focus on accuracy, clarity, and public understanding.
Her writing blends real legal insight with plain-English explanations, helping readers stay informed and legally aware.
Read more about Sarah