Capital Health Systems $4.5M Data Breach Settlement, File Your Claim By April 6, 2026 For Up To $5,000 Cash Payment
Capital Health Systems agreed to pay $4.5 million to settle a class action lawsuit over a November 2023 cyberattack that exposed private information of patients, former patients, guarantors, and employees. If your data was compromised between November 11-26, 2023, you can claim up to $5,000 for documented losses or receive a pro-rata cash payment without documentation. The claim deadline is April 6, 2026, and payments will be distributed after the July 14, 2026 final approval hearing.
What Happened In The Capital Health Data Breach?
Between November 11 and November 26, 2023, Capital Health Systems experienced a cybersecurity incident when an unauthorized third party gained access to IT systems containing sensitive personal information.
Capital Health Systems operates hospitals in Trenton and Hopewell, New Jersey, serving the Mercer County area. During a 15-day IT systems outage, hackers potentially accessed files containing patient and employee data stored on the company’s servers.
The compromised information included names, addresses, dates of birth, Social Security numbers, email addresses, telephone numbers, clinical information, and potentially other data. Capital Health discovered the breach on November 26, 2023, and began notifying affected individuals in February 2024.
Who Was Affected By The Capital Health Systems Cyberattack?
The settlement class includes all persons whose private information was potentially compromised during the November 2023 data incident. This covers patients who received treatment at Capital Health facilities, former patients with medical records in the system, guarantors responsible for patient accounts, and employees whose information was stored in Capital Health IT systems during the breach period.
If you received a notice from Capital Health Systems about the data breach, you are automatically part of the settlement class. The breach affected individuals across multiple states, though the majority were New Jersey residents served by Capital Health’s Mercer County hospitals.
What Legal Claims Were Made Against Capital Health?
On December 5, 2023, Bruce Graycar and other plaintiffs filed a class action lawsuit in the U.S. District Court for the District of New Jersey (Case No. 3:23-CV-1418-L23234-MAS-JTQ).
The lawsuit alleged Capital Health Systems failed to adequately protect sensitive data, leading to potential identity theft, fraud, and other harms. Specific claims included negligence for not implementing proper cybersecurity measures, breach of contract for failing to safeguard patient information as promised, breach of fiduciary duty owed to patients and employees, unjust enrichment from collecting data without adequate protection, and violation of the New Jersey Consumer Fraud Act.
Capital Health Systems denied all wrongdoing but agreed to settle to avoid the risk, cost, and uncertainty of continued litigation.
How Much Money Can You Get From The Capital Health Settlement?
The $4.5 million settlement fund provides multiple payment options for eligible class members.
Cash Payment For Documented Out-Of-Pocket Losses
You can claim up to $5,000 for documented, unreimbursed out-of-pocket losses directly related to the data breach. Eligible expenses include credit monitoring or identity theft protection services you purchased, costs to freeze or unfreeze credit reports, fees paid to banks or credit card companies due to fraudulent charges, professional fees like attorney or accountant costs for resolving identity theft, time spent dealing with the breach (up to 4 hours at $20 per hour for a maximum of $80), postage and mailing costs, phone charges and long-distance fees, and costs for obtaining credit reports.
Documentation is required. You must provide receipts, invoices, bank statements, or other clear proof that expenses resulted from the Capital Health data breach.
Pro-Rata Cash Payment Without Documentation
If you don’t have documented losses, you can claim a pro-rata share of the remaining settlement fund. This option requires no documentation or proof of harm.
The exact payment amount depends on how many people file claims. After deducting settlement administration costs, attorneys’ fees (up to 33% of the settlement fund), and service awards for class representatives, the remaining money gets divided equally among all valid claims.
Based on similar healthcare data breach settlements, pro-rata payments typically range from $15 to $100 per person, though this varies significantly based on claim volume.
Two Years Of Free Credit Monitoring Services
All settlement class members can enroll in two years of complimentary credit monitoring and identity theft protection services, regardless of whether they file a cash claim.
The credit monitoring includes dark web monitoring to detect if your personal information appears in criminal marketplaces, identity theft insurance with up to $1 million in coverage, fraud resolution assistance from U.S.-based specialists, and credit report monitoring to alert you of suspicious activity.
How To File Your Capital Health Settlement Claim
Filing a claim requires following specific procedures by the April 6, 2026 deadline.
Where To File Your Claim Online
The official settlement website is capitalhealthdatabreachsettlement.com. This is the only authorized portal for submitting claims.
To file online, you’ll need the 10-character alphanumeric Unique ID and 4-digit PIN included on the postcard notice you received by mail. If you didn’t receive a Unique ID and PIN, you can download a paper claim form from the Documents page and mail it to the settlement administrator.
Navigate to the claim submission page, enter your Unique ID and PIN, complete the claim form with your current contact information, choose your payment option (documented losses or pro-rata payment), upload supporting documentation if claiming documented losses, and submit before April 6, 2026 at 11:59 PM.
After submitting your claim online, you’ll receive an email confirmation with a confirmation code. Save this email—you’ll need it if questions arise about your claim.
How To File Your Claim By Mail
Download the claim form from capitalhealthdatabreachsettlement.com, complete all required fields including your name, current address, phone number, and email, attach documentation for any out-of-pocket losses you’re claiming, make copies for your records (submitted documents won’t be returned), and mail the completed form postmarked no later than April 6, 2026 to:
Capital Health Data Breach Litigation Settlement Administrator
PO Box 4008
Portland, OR 97208-4008
Important: Claims submitted after April 6, 2026 will be deemed untimely and will not be accepted. There are no extensions to this deadline.
What Documentation Do You Need To Submit?
If claiming reimbursement for out-of-pocket losses, you must provide clear, readable documentation proving each expense.
Acceptable documents include receipts or invoices for credit monitoring services, bank statements showing fraudulent charges or fees, correspondence with creditors about identity theft, professional service bills from attorneys or accountants, credit report purchase confirmations, and time logs documenting hours spent resolving breach-related issues.
Documents must be under 20 MB per file and in one of these formats: JPG, JPEG, PNG, GIF, TIF, TIFF, DOC, DOCX, XLS, XLSX, PDF, TXT, RTF, or ZIP.
You may redact unrelated transactions and all but the first four and last four digits of any account numbers. The settlement administrator may contact you to request additional documents to process your claim.
Who To Contact With Questions About Your Claim
The settlement administrator can answer questions about claim status, eligibility, payment amounts, and submission procedures.
Phone: 1-888-873-4996 (toll-free)
Settlement Website: capitalhealthdatabreachsettlement.com
If you move or change contact information after submitting your claim, notify the settlement administrator immediately. It’s your responsibility to keep your contact information current to receive payment.
What You Must Know About The Capital Health Data Breach Settlement Timeline
Understanding the settlement timeline helps you plan when to expect payment.
Key Settlement Dates And Deadlines
March 9, 2026: Deadline to opt out of the settlement or object to its terms
April 6, 2026: Final deadline to submit claim forms online or postmark mailed claims
July 14, 2026, 11:00 AM: Final approval hearing at U.S. District Court for the District of New Jersey
The court will decide whether to approve the settlement at the final hearing. If approved, payments will be distributed after all appeals are resolved.
When Will You Receive Your Settlement Payment?
Payment distribution begins after the settlement receives final court approval and all appeals are exhausted. This typically occurs 60-90 days after the July 14, 2026 final approval hearing.
If no appeals are filed, expect payments in September or October 2026. If objections or appeals delay final approval, payments could be delayed until early 2027.
Payments are issued by check mailed to the address you provided on your claim form. This is why keeping your contact information current with the settlement administrator is critical.
What Happens If You Don’t File A Claim?
If you’re a settlement class member but fail to submit a claim form by April 6, 2026, you will receive nothing from the settlement. However, you’ll still be bound by the settlement agreement, meaning you give up your right to sue Capital Health Systems separately over this data breach.
Filing a claim is the only way to receive compensation or credit monitoring services from this settlement.
Why Healthcare Data Breaches Like Capital Health Matter
The Capital Health settlement reflects broader trends in healthcare cybersecurity litigation and patient data protection.
How Capital Health Compares To Other Healthcare Data Breach Settlements
The $4.5 million settlement places Capital Health in the mid-range of recent healthcare data breach recoveries. For comparison, similar 2025-2026 settlements include the WebTPA data breach settlement at $13.75 million affecting 2.4 million people, Hypertension Nephrology Associates at $625,000 for 39,491 patients, and Asheville Arthritis and Osteoporosis Center at $500,000 for 58,251 patients.
Settlement amounts typically correlate with the number of affected individuals, the sensitivity of compromised data (Social Security numbers increase value), the delay between breach occurrence and notification, and the strength of plaintiffs’ legal claims under state and federal privacy laws.
Capital Health’s relatively quick settlement—reached within 18 months of the breach—suggests the company wanted to limit reputational damage and legal exposure.
What Legal Standards Healthcare Providers Must Meet
Healthcare organizations handling protected health information face heightened legal obligations under HIPAA (Health Insurance Portability and Accountability Act) and state data breach notification laws.
Under HIPAA, covered entities must implement administrative, physical, and technical safeguards to protect electronic protected health information. The breach notification rule requires notification to affected individuals within 60 days of discovering a breach.
New Jersey’s data breach notification statute requires businesses to disclose breaches of computerized records containing personal information to affected New Jersey residents. The law defines personal information to include Social Security numbers, driver’s license numbers, and financial account information.
Capital Health’s 2-3 month delay between the November 2023 breach and February 2024 notifications met HIPAA requirements but formed part of the legal claims alleging inadequate response.
Common Misconceptions About Healthcare Data Breach Settlements
Many affected individuals misunderstand how settlements work and what they can expect. The settlement doesn’t guarantee any specific payment amount—your actual payout depends on total claims filed and fund deductions.
Filing a claim doesn’t mean you suffered identity theft or will definitely experience fraud in the future. The settlement compensates potential harm and provides protective services.
Receiving settlement payment doesn’t prevent you from being a victim of identity theft using the stolen data. Hackers may use compromised information years after a breach. This is why the two-year credit monitoring is valuable even if you don’t file a cash claim.
The settlement doesn’t compensate you for medical records or health information exposure beyond the claim amounts specified. Emotional distress, privacy violations, and future risk typically aren’t separately compensated in data breach settlements.
Why You Should Still Monitor Your Credit After The Settlement
Even after receiving settlement payment, the compromised data remains at risk. Stolen Social Security numbers, birth dates, and addresses never expire—criminals can use them indefinitely.
Continue monitoring your credit reports for suspicious activity, consider placing fraud alerts with credit bureaus (Experian, Equifax, TransUnion), review medical insurance explanation of benefits statements for unfamiliar charges, and report any suspected identity theft to the Federal Trade Commission at IdentityTheft.gov.
The settlement’s two-year credit monitoring provides protection during the highest-risk period, but vigilance should continue beyond that timeframe.
What To Do Next If You’re Part Of The Capital Health Settlement
Taking action before the April 6, 2026 deadline ensures you receive available benefits.
Step-By-Step Instructions For Filing Your Claim Right Now
Locate the postcard notice from Capital Health with your Unique ID and PIN (or download the paper claim form if you don’t have this), visit capitalhealthdatabreachsettlement.com and navigate to the claim submission portal, gather documentation for any out-of-pocket expenses you’re claiming, complete the online claim form or paper form with accurate current contact information, upload supporting documents if claiming documented losses, and submit your claim before April 6, 2026.
Keep confirmation emails and copies of submitted documents for your records.
How To Verify If You’re Eligible For The Settlement
You’re eligible if your private information was potentially compromised in the Capital Health Systems data breach between November 11-26, 2023. This includes patients, former patients, guarantors, and employees.
If you received a breach notification letter or postcard from Capital Health or the settlement administrator, you’re automatically a settlement class member. If you’re unsure whether you received notice, contact the settlement administrator at 1-888-873-4996 to verify your eligibility.
Capital Health Systems operates Capital Health Medical Center-Hopewell in Pennington, New Jersey, and Capital Health Regional Medical Center in Trenton, New Jersey. If you received treatment at either facility or had records in their systems during 2023, you may be affected.
When To Consult An Attorney About Your Data Breach Claim
Most settlement claims don’t require attorney assistance—the process is designed for individual claimants to navigate independently. However, consultation may be appropriate if you suffered significant documented losses exceeding $5,000 and want to pursue separate litigation, you believe the settlement terms are inadequate and want to object at the final approval hearing, or you experienced severe identity theft or financial harm and need guidance on additional legal options.
Class counsel representing the settlement can be contacted through the settlement website if you have complex questions about the legal claims or settlement structure. For personal legal advice about your specific situation, consult a privacy or consumer protection attorney in your state.
Where To Learn More About Healthcare Data Breach Rights
Understanding your rights after a healthcare data breach helps you make informed decisions about protective measures and legal options.
The U.S. Department of Health and Human Services Office for Civil Rights provides resources at HHS.gov/ocr/privacy about HIPAA rights and breach notification requirements. The Federal Trade Commission offers identity theft recovery guidance at IdentityTheft.gov.
For information about other recent healthcare data breach settlements, the Nelnet data breach settlement andNumotion data breach settlement provide comparison points for how similar cases are resolved.
Frequently Asked Questions About The Capital Health Systems Settlement
Who is eligible to file a claim in the Capital Health Systems settlement?
All persons whose private information was potentially compromised in the November 11-26, 2023 data breach are eligible. This includes Capital Health patients, former patients, guarantors, and employees. If you received a breach notification from Capital Health or the settlement administrator, you’re automatically a settlement class member and can file a claim.
What is the deadline to file a Capital Health data breach claim?
The claim deadline is April 6, 2026. Claims must be submitted online by 11:59 PM on April 6, 2026, or postmarked by mail no later than April 6, 2026. Claims submitted after this deadline will not be accepted, and there are no extensions.
How much money will I receive from the Capital Health settlement?
Payment amounts depend on which option you choose and how many claims are filed. You can claim up to $5,000 for documented out-of-pocket losses with proof, or receive a pro-rata cash payment without documentation (estimated $15-$100 based on similar settlements). All class members can also enroll in two years of free credit monitoring regardless of cash payment option.
Do I need proof or documentation to file a Capital Health settlement claim?
It depends on which payment option you choose. If claiming the pro-rata cash payment, no documentation is required. If claiming reimbursement for out-of-pocket losses up to $5,000, you must provide receipts, invoices, bank statements, or other proof that expenses were caused by the data breach.
Where do I file my Capital Health data breach settlement claim?
File online at capitalhealthdatabreachsettlement.com using the Unique ID and PIN from your notice, or mail a completed paper claim form to Capital Health Data Breach Litigation Settlement Administrator, PO Box 4008, Portland, OR 97208-4008. The settlement administrator can be reached at 1-888-873-4996 with questions.
When will I receive my settlement payment from Capital Health?
Payments will be distributed approximately 60-90 days after the final approval hearing on July 14, 2026, once all appeals are resolved. If no appeals are filed, expect payments in September or October 2026. If appeals delay final approval, payments could arrive in early 2027.
What happens if I don’t file a claim by the April 6, 2026 deadline?
If you don’t submit a claim by April 6, 2026, you will receive no payment or credit monitoring services from the settlement. However, you’ll still be bound by the settlement agreement and give up your right to sue Capital Health Systems separately over this data breach. Filing a claim is required to receive any benefits.
Last Updated: January 26, 2026
Disclaimer: This article provides general information about the Capital Health Systems data breach settlement and is not legal advice—individuals seeking claim assistance or case-specific guidance should consult qualified attorneys or contact the settlement administrator directly.
Don’t wait until the last minute to file your claim. With the April 6, 2026 deadline approaching, take action now to ensure you receive your settlement benefits and protect your identity with free credit monitoring services.
Stay informed, stay protected. — AllAboutLawyer.com
About the Author
Sarah Klein, JD, is a licensed attorney and legal content strategist with over 12 years of experience across civil, criminal, family, and regulatory law. At All About Lawyer, she covers a wide range of legal topics — from high-profile lawsuits and courtroom stories to state traffic laws and everyday legal questions — all with a focus on accuracy, clarity, and public understanding.
Her writing blends real legal insight with plain-English explanations, helping readers stay informed and legally aware.
Read more about Sarah