Charleston Area Medical Center $1M Data Breach Settlement, Are You Eligible for Up to $6,080 Before  June 10, 2026?

Charleston Area Medical Center Inc. agreed to pay $1,000,000 to settle a class action lawsuit filed after an October 2024 email phishing attack exposed the personal, medical, and financial information of more than 67,000 patients and individuals. If you received a data breach notice from CAMC in February 2025, you may be eligible to claim up to $6,080 in cash payments. The claim deadline is June 10, 2026.

Quick Facts

Field	Detail
Settlement Amount	$1,000,000
Claim Deadline	June 10, 2026
Who Qualifies	Individuals who received a CAMC breach notice letter in February 2025 about the October 2024 data incident
Payout Per Person	Up to $6,000 (documented losses) + up to $80 (attested time) or pro rata cash (no proof required)
Proof Required	Yes for documented losses and attested time; No for pro rata cash option
Settlement Status	Proposed — awaiting final court approval
Administrator	ILYM Group, Inc.
Official Website	CAMCDataIncidentSettlement.com

Current Status & What Happens Next

• The settlement is proposed and awaiting final court approval. The final approval hearing date has not yet been publicly confirmed — check CAMCDataIncidentSettlement.com for updates.
• The claim deadline is June 10, 2026. The opt-out and objection deadlines are TBD — check the official website regularly.
• Payments will go out approximately 60 days after the court grants final approval and resolves any appeals.

What Is the CAMC Data Breach Lawsuit About?

Charleston Area Medical Center is a major healthcare network in Charleston, West Virginia, operating four hospitals — CAMC General, CAMC Memorial, CAMC Women and Children’s, and CAMC Teays Valley — and serving patients across the region. Between October 2 and October 3, 2024, an unauthorized third party carried out an email phishing attack and gained access to one employee’s email inbox. The compromised inbox contained emails and file attachments with sensitive patient and personal information.

CAMC detected the suspicious activity on October 2, 2024 and immediately launched a forensic investigation. The investigation confirmed the unauthorized access and identified the types of data potentially exposed. CAMC notified more than 67,000 affected individuals by mail beginning in February 2025 — more than four months after the breach first occurred.

Related article: Mizuno USA Data Breach Settlement, Are You a Former Employee Owed Up to $5,000 Claim Before June 15, 2026?

Plaintiffs filed a class action lawsuit, captioned J.T., et al. v. Charleston Area Medical Center Inc., alleging that CAMC failed to adequately safeguard patient and personal information and took too long to notify affected individuals. CAMC denies all allegations and agreed to settle to avoid the cost and uncertainty of continued litigation.

Important: This is a separate and distinct settlement from the earlier Joyce Walker v. Charleston Area Medical Center settlement, which arose from a January 2022 breach and is now closed. If you received a CAMC notice in February 2025 about an October 2024 breach, you are in the right place. If you received a CAMC notice in March 2022 about a January 2022 breach, that earlier settlement has already passed its deadlines.

Who Is Eligible to File a Claim?

The settlement covers all individuals who received an official data breach notification from CAMC about the October 2024 data incident. Specifically:

• You may qualify if CAMC sent you a notice letter in February 2025 stating your personal, medical, or financial information may have been exposed in the October 2024 data breach.
• You may qualify if you are a current or former patient of CAMC whose personal or health information was stored in the affected employee email inbox at the time of the phishing attack.
• You may qualify if CAMC’s records identify you as a class member and you received a settlement notice containing your ILYM ID and passcode.
• You do not qualify based on the 2022 breach — that is a separate, closed settlement. Only the October 2024 breach is covered here.

If you believe you qualify but did not receive a notice, or if you need help locating your ILYM ID and passcode, contact the settlement administrator at (855) 781-0324 or [email protected].

How Much Can You Receive?

The settlement offers three cash payment options. You can combine the attested time payment with either the documented losses option or the pro rata cash option — but you cannot claim both documented losses and pro rata cash at the same time.

Option 1 — Documented Monetary Losses (Up to $6,000) Claim reimbursement for out-of-pocket expenses directly traceable to the October 2024 breach. Covered losses include:

• Unreimbursed fraud or identity theft losses
• Fees for credit monitoring, credit reports, or credit freezes
• Costs to replace government-issued IDs
• Bank fees, postage, or other breach-related expenses
• Other miscellaneous documented financial losses

You must submit supporting documentation — receipts, bank or credit card statements, invoices, or other third-party proof. Losses must have occurred on or after October 2, 2024.

Option 2 — Attested Time (Up to $80) Claim compensation for up to four hours of time spent dealing with the breach at $20 per hour. You must describe the activities you performed and the hours spent. No receipts are required for this option, but your description must be plausible and consistent with actual breach-related activities.

Option 3 — Pro Rata Cash Payment (No Proof Required) If you do not claim documented losses, you may submit a claim for a pro rata cash payment from the net settlement fund after all other claims and costs are paid. The final amount depends on total valid claims filed. No documentation is required — attestation only.

Similar healthcare data breach settlements like the General Physician P.C. $2.5M settlement used the same three-tier structure — documented losses, attested time, and a pro rata cash alternative — which has become the standard framework in patient data breach class actions.

How to File a Claim

Step 1 — Locate your ILYM ID and passcode from the settlement notice CAMC or ILYM Group mailed or emailed to you in early 2026. You will need these to file your claim online.

Step 2 — Visit the official settlement website at CAMCDataIncidentSettlement.com and log in using your ILYM ID and passcode. If you cannot locate your login credentials, call (855) 781-0324 or email [email protected].

Step 3 — Choose your payment option: documented monetary losses (up to $6,000 with proof), attested time (up to $80, no proof), or pro rata cash (no proof required). You may claim attested time alongside either cash option.

Step 4 — If claiming documented losses, upload your supporting documentation — receipts, bank statements, invoices, or other third-party proof of breach-related expenses incurred on or after October 2, 2024.

Step 5 — Review and submit your claim online by June 10, 2026. If filing by mail, complete and sign the paper claim form, and postmark it by June 10, 2026. Mail to: CAMC Data Incident Settlement, c/o ILYM Group Inc., P.O. Box 2031, Tustin, CA 92781.

Step 6 — Save your claim confirmation. Payments go out approximately 60 days after final court approval. Update your mailing address with ILYM Group if you have moved.

Estimated time to complete: 5–15 minutes online (longer if gathering documentation for a monetary loss claim).

Important Deadlines & Dates

Milestone	Date
Data Breach Occurred	October 2–3, 2024
CAMC Detected Breach	October 2, 2024
Affected Individuals Notified	February 2025
Opt-Out Deadline	TBD — check CAMCDataIncidentSettlement.com
Objection Deadline	TBD — check CAMCDataIncidentSettlement.com
Claim Filing Deadline	June 10, 2026
Final Approval Hearing	TBD — check CAMCDataIncidentSettlement.com
Expected Payment Date	~60 days after final approval and resolution of any appeals

Frequently Asked Questions

Do I need a lawyer to file a claim in the CAMC data breach settlement? 

No. ILYM Group, Inc. administers the settlement, and you can file your claim in minutes online at CAMCDataIncidentSettlement.com using your ILYM ID and passcode. Class Counsel represents all class members at no cost. If you want your own attorney, you may hire one at your own expense.

Is the CAMC data breach settlement legitimate?

 Yes. This is a court-supervised class action, captioned J.T., et al. v. Charleston Area Medical Center Inc. The official settlement website is CAMCDataIncidentSettlement.com, administered by ILYM Group, Inc. You can also reach the administrator at (855) 781-0324 or [email protected].

When will I receive my CAMC settlement payment? 

Payments go out approximately 60 days after the court grants final approval and resolves any appeals. The final approval hearing date has not yet been confirmed. Check CAMCDataIncidentSettlement.com regularly for updates on the hearing date and payment timeline.

What if I missed the CAMC claim deadline? 

If you do not submit a valid claim by June 10, 2026, you will not receive a cash payment. Unless you formally opt out, you remain bound by the settlement and give up your right to sue CAMC separately over the claims this settlement covers.

Will my CAMC settlement payment affect my taxes?

 It may. Reimbursements for documented out-of-pocket losses are generally not taxable income. Pro rata cash payments and attested time payments may be treated as ordinary income by the IRS. Consult a tax professional for guidance specific to your situation.

What personal information was exposed in the October 2024 CAMC breach?

 The phishing attack gave an unauthorized party access to one employee’s email inbox. The exposed information may have included names, addresses, dates of birth, Social Security numbers, medical record numbers, health insurance information, diagnosis and treatment information, financial account information, and payment card information. The exact data exposed varies by individual.

Is this the same as the earlier CAMC settlement I heard about?

 No. This settlement covers the October 2024 breach, where CAMC notified affected individuals in February 2025. A separate settlement — Joyce Walker v. Charleston Area Medical Center — covered a different January 2022 breach and its claim deadline has already passed. Make sure you are filing for the correct settlement based on when you received your CAMC notice letter.

I received a CAMC notice but I am not a patient — can I still file a claim?

 Yes. The settlement covers any individual whose personal, medical, or financial information was stored in the affected email inbox — not just patients. If you received an official breach notice from CAMC in February 2025, you are a class member regardless of whether you are a current or former patient, a guarantor, or otherwise associated with CAMC’s records.

Sources & References

• CAMCDataIncidentSettlement.com — Official Settlement Website
• ILYM Group, Inc. — Settlement Administrator
• HHS Office for Civil Rights — Breach Portal: Charleston Area Medical Center (Oct. 2024)

Also see: Proliance Surgeons $4.45M Data Breach Settlement — Patients May Claim Up to $5,000— another healthcare data breach settlement where patients whose personal and medical information was exposed can claim documented losses or a pro rata cash payment with the same June 2026 deadline.

Last Updated: March 22, 2026

Disclaimer: This article is for informational purposes only and does not constitute legal advice. Legal claims and outcomes depend on specific facts and applicable law. For advice regarding a particular situation, consult a qualified attorney.