$900K Datavant Data Breach Settlement, Was Your Health Data Exposed? Here Is How to Claim Up to $5,000 Before Aug 18

The Datavant Data Breach Settlement is a class action where individuals whose personal information may have been exposed in a May 2024 phishing attack on Ciox Health, LLC d/b/a Datavant Group can receive up to $5,000 for documented losses — or a no-proof cash payment — by filing a claim before August 18, 2026. Datavant agreed to pay $900,000 to resolve allegations it failed to protect sensitive health and personal data belonging to approximately 58,309 people.

Quick Facts

Field	Detail
Settlement Amount	$900,000
Claim Deadline	August 18, 2026
Who Qualifies	Individuals notified that their personal information may have been compromised in the May 2024 Datavant data security incident
Cash Payment A	Up to $5,000 for documented out-of-pocket losses (proof required)
Cash Payment B	Pro rata alternative cash payment — no proof required (exact amount depends on total claims filed)
Additional Benefit	One year of expanded identity theft and fraud monitoring with single-bureau credit monitoring
Proof Required	For Cash Payment A only — receipts, bank statements, or invoices; Cash Payment B requires no documentation
Settlement Status	Preliminarily Approved — April 17, 2026
Administrator	Kroll Settlement Administration LLC — (833) 754-9441
Official Website	DatavantDataIncidentSettlement.com
Last Updated	May 22, 2026

Current Status

• The settlement received preliminary approval on April 17, 2026 from the Superior Court of Arizona in Maricopa County.
• The claim deadline is August 18, 2026. The opt-out and objection deadline is July 20, 2026.
• The Final Approval Hearing is scheduled for September 4, 2026. Payments will be distributed only after final approval and any appeals are resolved.

What Is the Datavant Lawsuit About? Jackson v. Ciox Health, LLC d/b/a Datavant Group, No. CV2025-062690

This case is pending in the Superior Court of Arizona in Maricopa County. Plaintiff Jackson filed the class action alleging that Ciox Health, LLC d/b/a Datavant Group violated consumer protection laws and was negligent in failing to protect sensitive personal information from a foreseeable phishing email attack.

Here is what happened: On or around May 8–9, 2024, an unauthorized actor used a phishing email to gain access to a Datavant employee’s email account. Datavant identified and resolved the attack the same day, but forensic investigators later determined — by around August 8, 2024 — that the compromised mailbox contained the private information of tens of thousands of people. The personally identifiable information (PII) and protected health information (PHI) potentially exposed included names, dates of birth, home addresses, contact information, Social Security numbers, driver’s license numbers, passport numbers, financial account details, and health-related data.

Related article: $2M Bestway Spa Pump Class Action Settlement, Did You Buy a Recalled Pump? Here Is How to Claim Up to $75 Before August 17

Datavant Group operates as a healthcare data accessibility platform that connects hospitals, health systems, and health information management companies. Because of the sensitivity of the data it handles, the lawsuit argues Datavant had a heightened duty to maintain stronger cybersecurity defenses. A similar phishing-attack data breach involving patient data led to the CAMC $1 million data breach settlement, where healthcare workers’ and patients’ email-exposed data triggered the same legal theory of negligent data security.

Datavant denies all wrongdoing and settled solely to avoid the expense and uncertainty of continued litigation. The court has made no ruling on the merits.

Who Qualifies for the Datavant Data Breach Settlement?

You may qualify if:

• You received a notice from Datavant (or Ciox Health) stating your personal information may have been compromised in the May 2024 data security incident
• Your personal information was in the affected employee email account accessed during the May 8–9, 2024 phishing attack
• Approximately 58,309 individuals are covered by this settlement — if you are one of them, Datavant’s records identify you as a class member

You are likely NOT included if:

• You never received a breach notification from Datavant or Ciox Health regarding this specific May 2024 incident
• Your data was exposed in a different Datavant or Ciox Health incident — this settlement covers only the May 2024 phishing event

If you received a notice but misplaced it, call Kroll Settlement Administration at (833) 754-9441 to confirm your class member ID and eligibility. You will need your class member ID from your notice letter to access the online claim portal.

How Much Can You Get from the Datavant Settlement?

The settlement offers three separate benefits. You can choose the ones that best fit your situation — and you can combine the cash payment with the credit monitoring enrollment.

Cash Payment A — Documented Losses (Up to $5,000)

This is the higher-value option for anyone who can prove real financial harm. Eligible expenses include:

• Telephone and internet charges spent dealing with the breach
• Costs of purchasing credit reports or credit monitoring services between May 9, 2024 and August 18, 2026
• Fees for fraud resolution services or identity theft protection
• Unreimbursed fraudulent charges on your accounts
• Other documented monetary losses fairly traceable to the breach

You must submit supporting documentation — receipts, bank or credit card statements, invoices — for every expense you claim. The data breach compensation ceiling is $5,000 per person.

Cash Payment B — Alternative Pro Rata Cash (No Proof Required)

If you cannot document losses or simply prefer a simpler path, you can file for a flat pro rata cash payment from the net settlement fund instead. The exact dollar amount is TBD — it depends on how many class members file valid claims after all documented-loss payments and fees are deducted. With roughly 58,309 class members, the pro rata amount will likely be modest, similar to other single-employer phishing-breach settlements. See the Alera Group $2M data breach settlement for a comparable pro rata structure where the no-proof payment was estimated around $50.

Expanded Identity Theft and Fraud Monitoring (All Class Members)

Every qualifying class member who files a claim can also enroll in one year of expanded identity theft and fraud monitoring, which includes single-bureau credit monitoring. If you previously accepted credit monitoring from Ciox Health after the breach, submitting a claim now entitles you to one additional year of the expanded service.

How to File Your Datavant Data Breach Claim

Step 1 — Locate your class member ID from the notice letter Datavant mailed you. You need this to access the online portal.

Step 2 — Visit DatavantDataIncidentSettlement.com and start your claim form online, or download a paper form to mail.

Step 3 — Enter your personal information and confirm your identity as a class member.

Step 4 — Choose your benefit:

• Cash Payment A — enter your documented losses and upload supporting documents (receipts, statements, invoices)
• Cash Payment B — select the no-proof alternative cash payment
• Identity monitoring — check the box to enroll in one year of expanded fraud monitoring (can be selected alongside either cash option)

Step 5 — Submit your claim online by August 18, 2026, or mail a completed paper form postmarked no later than August 18, 2026 to:

Datavant Data Security Incident Litigation c/o Kroll Settlement Administration LLC P.O. Box 5324 New York, NY 10150-5324

Step 6 — Save your confirmation. If you submitted online, save your confirmation number. If mailing, keep a copy of everything and your postmark receipt.

Estimated time to complete: 10–20 minutes depending on whether you are documenting losses.

Important Dates

Milestone	Date
Data Breach Occurred	May 8–9, 2024
Investigation Concluded	August 8, 2024
Preliminary Approval	April 17, 2026
Opt-Out / Objection Deadline	July 20, 2026
Claim Filing Deadline	August 18, 2026
Final Approval Hearing	September 4, 2026
Expected Payment Date	TBD — after final approval and resolution of any appeals

Frequently Asked Questions

Is there a class action lawsuit against Datavant for a data breach? 

Yes. Jackson v. Ciox Health, LLC d/b/a Datavant Group, No. CV2025-062690, is pending in the Superior Court of Arizona in Maricopa County. It alleges Datavant failed to protect the personal and health data of 58,309 people from a May 2024 phishing attack.

How do I know if I am part of the Datavant data breach settlement? 

If you received a letter from Datavant or Ciox Health notifying you that your personal information may have been compromised in the May 2024 data security incident, you are likely a class member. You can also call Kroll at (833) 754-9441 to confirm eligibility using your name and address.

How to file a Datavant settlement claim without proof? 

Choose Cash Payment B on the claim form. This is the alternative pro rata cash option — you select it in lieu of the documented-loss claim and no receipts or statements are required. You still need your class member ID from your notice letter to file.

Do I need a lawyer to file a Datavant data breach claim?

 No. You can file directly at DatavantDataIncidentSettlement.com without hiring a data breach compensation attorney. Class counsel represents all settlement class members at no cost to you. The court will award up to $315,000 in total attorneys’ fees from the settlement fund — not from your pocket.

When will I receive my payment? 

Payments will be distributed after the court grants final approval at the September 4, 2026 hearing and after any appeals are resolved. TBD — no specific payment timeline has been set yet; allow several months after the September hearing.

What if I missed the claim deadline?

 If you do not file by August 18, 2026, you will not receive any payment. Unless you opt out by July 20, 2026, you remain bound by the settlement and release your claims against Datavant for this incident.

What personal data was exposed in the Datavant breach?

 The forensic investigation determined that the compromised email mailbox may have contained names, addresses, dates of birth, contact information, Social Security numbers, driver’s license and passport numbers, financial account information, and health-related data. Not every individual had all categories exposed.

Will my settlement payment be taxed? 

Possibly. Tax treatment of personal data stolen settlement payments varies based on the nature of the claim. Payments for documented financial losses may be treated differently than pro rata cash payments. Consult a tax professional about your specific situation — neither Kroll nor class counsel can advise you on taxes.

Sources & References

• Official Court-Authorized Settlement Notice — PR Newswire / Kroll Settlement Administration (May 20, 2026)
• Official Settlement Website — DatavantDataIncidentSettlement.com
• Federman & Sherwood — Ciox Health / Datavant Breach Investigation Details (February 2025)

Prepared by the AllAboutLawyer.com Editorial Team and reviewed for factual accuracy against the official court-authorized Kroll Settlement Administration notice published May 20, 2026, and the official settlement website DatavantDataIncidentSettlement.com. Last Updated: May 22, 2026

Disclaimer: This article is for informational purposes only and does not constitute legal advice. Legal claims and outcomes depend on specific facts and applicable law. For advice regarding a particular situation, consult a qualified attorney.