Gryphon Healthcare $2.8M Data Breach Settlement 2026—393,358 Patients Can Claim Up To $5,000 Plus 2 Years Identity Monitoring, File By April 16

ByAll About Lawyer Reading Time: 5 minutes

Case Number: Morris, et al., v. Gryphon Healthcare LLC, Case No. 2024-77384
Recent Update: December 17, 2025 – Court grants preliminary approval for $2.8 million settlement; 393,358 medical billing patients eligible for cash plus identity protection

Gryphon Healthcare has agreed to a $2,800,000 settlement to resolve a class action lawsuit over a data breach discovered by the medical billing company in August 2024 that allegedly exposed the private information of its client’s patients to an unauthorized third party. Settlement documents report that the private information of approximately 393,358 individuals may have been impacted by the data breach.

If you received care at a healthcare facility serviced by Gryphon and got a breach notification letter around October 2024, you could claim up to $5,000 in documented losses or approximately $100 without receipts—plus two years of free identity theft protection worth hundreds.

What Happened In The Gryphon Healthcare Cyberattack

The incident stemmed from unauthorized access involving an external information technology service provider that supported billing operations. Gryphon Healthcare became aware of the intrusion in August 2024 and determined through an internal investigation that files may have been viewed or obtained.

Certain files that contained private information were accessed. These files may have contained personal information such as names; dates of birth; addresses; Social Security numbers; dates of service; diagnosis information; health insurance information; medical treatment information; prescription information; provider information and medical record numbers.

The breach occurred around early July 2024. Gryphon Healthcare waited until on or about Oct. 11, 2024, roughly two months after the company said it became aware of the data breach, to notify affected current and former patients their private information had been compromised.

That delay is precisely what makes this settlement valuable. Similar delays in healthcare breach notifications have resulted in enhanced settlement payouts. The Continuum Health Class Action Settlement Pays Up To $5,000—380,000 Patients’ Social Security Numbers And Medical Records Exposed and the MHCC Class Action Lawsuit Settlement Approved, McLaren Health Care Data Breach Victims Can Claim Up To $5,000 Before April 2026 Hearing both involved notification delays and resulted in substantial compensation.

Who Qualifies For The $2.8 Million Settlement

The Gryphon Healthcare class action settlement received preliminary court approval on December 17, 2025 and covers all United States residents whose personal information was potentially exposed in the data breach, including those who received a written notice from Gryphon informing them of the cybersecurity incident.

You’re eligible if you’re a U.S. resident whose information was stored by Gryphon Healthcare for billing purposes and you received a data breach notification letter from Gryphon dated around October 11, 2024.

Gryphon is a Houston-based medical billing service provider. You may not have heard of them because they work behind the scenes processing bills for healthcare facilities. If you visited a hospital or clinic that used Gryphon’s billing services between early 2024 and July 2024, your information might be affected.

Settlement Payment Options: Choose What Works For You

Class members can submit claims for reimbursement of documented, unreimbursed losses related to the data breach, up to $5,000 per person. Alternatively, they may opt for a flat cash payment estimated at $100, subject to adjustment based on the total number of valid claims submitted.

Gryphon Healthcare has agreed to a $2,800,000 settlement to resolve a class action lawsuit over a data breach discovered by the medical billing company in August 2024 that allegedly exposed the private information of its client's patients to an unauthorized third party. Settlement documents report that the private information of approximately 393,358 individuals may have been impacted by the data breach.

Option A: Documented Losses (Up To $5,000)
 To claim reimbursement for out-of-pocket losses (up to $5,000), class members must provide documentation, such as bank statements, receipts or other proof showing the data incident caused the expenses.

Covered expenses include identity theft losses, credit monitoring costs, credit freeze fees, replacement ID costs, bank fees from fraud, and professional services to resolve identity theft.

Option B: Flat Cash Payment (~$100)
 No receipts required. Just submit a valid claim form by April 16, 2026. The exact amount depends on how many people file claims.

Plus: Free Identity Protection For Everyone
 In addition to monetary compensation, all class members who file valid claims will receive two years of identity theft protection and medical data monitoring services. The coverage includes up to $1 million in identity theft insurance.

How To File Your Claim Before April 16, 2026

Class members can file a claim online or download, print and complete a PDF claim form and mail or email it to the settlement administrator. The claim deadline is April 16, 2026.

Online: Visit GryphonHealthcareDataSettlement.com
 By Mail: Gryphon Data Incident Settlement, c/o Settlement Administrator, PO Box 25226, Santa Ana, CA 92799-9958
By Email: [email protected]
Phone: 833-647-8963

To submit an online claim form, class members must log in with their unique ID and PIN, which are located on the settlement notice they received. If you lost your notice, contact the settlement administrator at the phone number or email above with your full name and mailing address.

Timeline: When You’ll Get Paid

Final approval hearing: Aug. 31, 2026
The settlement administrator will distribute payments and benefits approximately 30 days after the court resolves any appeals and grants final approval to the settlement.

If the court approves the settlement on August 31, 2026, expect payments around early October 2026.

The deadline to object to the settlement or opt out of the class is March 17, 2026.

What The Lawsuit Alleged

The consolidated complaint alleged a broad range of claims, including negligence and negligence per se, breach of contract and implied contract, breach of fiduciary duty and confidence, invasion of privacy, unjust enrichment, bailment, failure to provide timely notice under applicable data breach laws, and violations of state consumer protection statutes.

Gryphon Healthcare denied wrongdoing, fault, and liability in connection with the cyberattack and data exposure. The company nonetheless agreed to settle the litigation, citing the cost, distraction, and uncertainty associated with continued legal proceedings and a potential trial.

FAQs About The Gryphon Healthcare Settlement

What Personal Information Was Exposed?

The breach potentially exposed names, birthdates, addresses, Social Security numbers, dates of service, diagnosis information, health insurance details, medical treatment information, prescription records, provider information, and medical record numbers.

Do I Need Proof Of Identity Theft To Get Money?

No. You can choose Option B (flat payment of ~$100) without any documentation. Only Option A (up to $5,000) requires receipts proving losses.

What If I Never Received A Breach Notice?

Contact the settlement administrator at 833-647-8963 or [email protected]. Provide your name and confirm you received care at a facility using Gryphon’s billing services in 2024.

Is The Identity Monitoring Automatic?

You must file a claim to receive the two years of identity theft protection and medical data monitoring. It’s not automatic—even though it’s free.

Can I Get Both Cash And Identity Monitoring?

Yes. Every class member who files a valid claim receives identity monitoring regardless of which cash option they choose.

When Is The Absolute Deadline?

Claims must be submitted online or postmarked by April 16, 2026. The objection and opt-out deadline is earlier: March 17, 2026.

How Much Will I Actually Get?

If you choose documented losses and have receipts, up to $5,000. If you choose the flat payment, approximately $100, but this amount may increase or decrease based on total valid claims submitted and money remaining after documented loss claims.

Last Updated: February 9, 2026

Disclaimer: This article provides information about the Gryphon Healthcare data breach settlement based on court filings and settlement administrator documents. It is not legal advice. For case-specific questions, contact the settlement administrator at 833-647-8963.

Next Steps: File your claim at GryphonHealthcareDataSettlement.com before April 16, 2026. Gather receipts for documented losses or simply file for the $100 flat payment.

Stay informed, stay protected. — AllAboutLawyer.com

About the Author

Sarah Klein, JD

Sarah Klein, JD, is a licensed attorney and legal content strategist with over 12 years of experience across civil, criminal, family, and regulatory law. At All About Lawyer, she covers a wide range of legal topics — from high-profile lawsuits and courtroom stories to state traffic laws and everyday legal questions — all with a focus on accuracy, clarity, and public understanding.
Her writing blends real legal insight with plain-English explanations, helping readers stay informed and legally aware.
Read more about Sarah

Leave a Reply

Your email address will not be published. Required fields are marked *