EMSA Data Breach Settlement, Up to $3,000 Available—Here’s How to Claim Before March 2026

ByAll About Lawyer Reading Time: 8 minutes

Emergency Medical Services Authority agreed to a $1.5 million class action settlement after unauthorized access to patient data between February 10-13, 2024 compromised information for 611,743 people. Affected individuals can claim up to $3,000 for documented losses, $60 for lost time, and two years of free credit monitoring—but must file by March 5, 2026.

What Happened in the EMSA Data Breach

On February 13, 2024, EMSA detected suspicious activity in its IT network. An investigation revealed that an unauthorized party infiltrated the system and accessed files containing sensitive patient information.

The compromised data varied by individual but potentially included:

  • Full names and addresses
  • Dates of birth
  • Social Security numbers
  • Dates of service
  • Primary care provider names

EMSA, Oklahoma’s largest pre-hospital emergency medical service provider serving over 1 million people annually, notified approximately 611,743 patients whose information may have been exposed.

The Class Action Lawsuit: Legal Claims Filed

Plaintiffs filed a class action lawsuit—Quick, et al. v. Emergency Medical Services Authority, Case No. CJ-2024-2470—in the District Court of Oklahoma County.

Core allegations:

  • EMSA negligently failed to implement reasonable cybersecurity measures
  • The organization failed to protect and safeguard sensitive patient information
  • Patients suffered consequences including identity theft risk and financial losses

The lawsuit claimed EMSA should have known its security practices created substantial risk to patients whose data it collected and stored.

Settlement Terms: What EMSA Agreed to Pay

EMSA has not admitted wrongdoing but agreed to pay $1.5 million to resolve the claims and avoid the expense and uncertainty of continued litigation.

Compensation Available to Class Members

Out-of-Pocket Losses (Up to $3,000):

Class members can receive reimbursement for documented, unreimbursed expenses fairly traceable to the breach that occurred between February 10, 2024, and March 5, 2026, including:

  • Bank fees for frozen or closed accounts
  • Credit report fees
  • Credit monitoring or identity theft protection purchased
  • Communication charges (phone bills, postage)
  • Notary and document fees
  • Professional services (attorneys, accountants)
  • Travel expenses related to addressing the breach

Lost Time Compensation (Up to $60):

Class members can claim up to four hours of time spent addressing the breach at $15 per hour. This amount is included within the $3,000 cap. Activities include:

  • Monitoring financial accounts and credit reports
  • Freezing or unfreezing credit
  • Contacting financial institutions
  • Filing police reports or identity theft affidavits
  • Addressing fraudulent transactions

Free Credit Monitoring:

All class members receive two years of single-bureau credit monitoring and identity protection services—completely free and doesn’t reduce cash payments.

EMSA Data Breach Settlement, Up to $3,000 Available—Here's How to Claim Before March 2026

Who Qualifies for the Settlement?

You’re part of the settlement class if you meet all these criteria:

  • You reside in the United States
  • Your private information was potentially compromised in EMSA’s February 2024 data breach
  • EMSA sent you a mailed notice stating the incident may have impacted your information

How to File Your Claim

Online Filing:

  1. Visit https://emsasettlement.com/
  2. Click “Submit a Claim”
  3. Log in using the unique ID and PIN from your settlement notice
  4. Enter your contact information
  5. Upload documentation for any out-of-pocket expenses
  6. Select your preferred payment method
  7. Review and submit

By Mail:

Download and complete the claim form, attach documentation, and mail to:

EMSA Data Incident Claims Administrator
P.O. Box 5414
Portland, OR 97228-5414

Documentation Requirements:

For out-of-pocket losses, provide reasonable documentation such as receipts, bank statements, correspondence, or other records (not self-prepared) showing the unreimbursed loss and its connection to the breach.

For lost time, attest to time spent and describe activities performed.

Critical Deadlines You Cannot Miss

  • Claim Filing Deadline: March 5, 2026
  • Opt-Out/Objection Deadline: February 3, 2026
  • Final Approval Hearing: April 5, 2026 (some sources indicate April 6, 2026)
  • Payment Distribution: Approximately 60 days after final court approval and resolution of any appeals

Missing these deadlines means forfeiting compensation while remaining bound by the settlement.

Legal Implications: What This Means for Data Breach Law

The EMSA settlement reflects broader trends in healthcare data breach litigation:

Negligence Claims Gaining Traction:

Courts increasingly recognize that healthcare organizations collecting and storing sensitive patient data have a duty to implement reasonable security measures. The legal theory holds that companies create foreseeable risk when they fail to protect information they intentionally collect.

Standing Requirements:

While the Supreme Court’s 2021 TransUnion decision requires plaintiffs to show concrete injury rather than mere future risk, courts have found standing when plaintiffs demonstrate they spent time and money mitigating breach consequences—even without actual identity theft.

Settlement Structures:

The $1.5 million EMSA settlement follows a “claims made” structure common in healthcare breaches, where compensation isn’t capped per claimant but the total fund is limited. This differs from “common fund” settlements where a fixed pool covers all claims, fees, and costs.

Negligence Per Se Arguments:

While courts generally hold that HIPAA and the FTC Act don’t create direct private rights of action, these statutes increasingly “inform” the duty standard in negligence claims, strengthening plaintiffs’ arguments.

Comparing EMSA to Other 2024 Healthcare Data Breach Settlements

Watson Clinic – $10 Million Settlement:

Following a February 2024 breach where sensitive medical photographs were sold on the dark web, Watson Clinic agreed to pay up to $75,000 for severe exposure cases. The settlement demonstrates courts recognize varying harm levels based on data sensitivity.

Purpose Financial – $7.75 Million:

This settlement offered similar compensation structures for documented losses and credit monitoring, establishing precedent for financial services data breach accountability.

First Commonwealth Federal Credit Union – $1.2 Million:

Another 2024 settlement providing up to $3,000 for out-of-pocket losses, reinforcing the emerging standard compensation range for data breach victims.

Enhanced Security Measures EMSA Must Implement

Beyond financial compensation, EMSA agreed to implement additional cybersecurity safeguards including:

  • Enhanced monitoring systems
  • Improved access controls
  • Regular security audits
  • Employee training programs
  • Incident response protocol updates

These requirements reflect courts’ increasing focus on forward-looking remedies that prevent future breaches, not just backward-looking compensation.

Your Options: File, Opt Out, or Object

If You File a Claim:

You’ll receive compensation if approved but give up your right to sue EMSA separately for these claims.

If You Opt Out (By February 3, 2026):

You preserve your right to file your own lawsuit but receive nothing from the settlement. Consider this if you believe your damages significantly exceed $3,000.

If You Object (By February 3, 2026):

You can challenge the settlement terms while remaining a class member. Your objection must include:

  • Your name, address, and phone number
  • Case name and number
  • Reasons you object
  • Whether you plan to appear at the hearing
  • Proof of class membership

Send objections to both the settlement administrator and class counsel.

What Legal Experts Say About the Settlement

Data breach attorneys note the EMSA settlement aligns with emerging standards in healthcare breach litigation. The $1.5 million fund reflects the breach’s scope—affecting over 611,000 individuals—while the $3,000 individual cap mirrors settlements in comparable cases.

Legal observers emphasize that settlements like EMSA’s increasingly require not just financial compensation but concrete security improvements, shifting focus from punishment to prevention.

The claims rate will be critical. Historically, data breach settlements see claim rates under 5%, meaning most funds go undistributed. The Ninth Circuit’s recent reversal of attorney fee awards in California Pizza Kitchen Data Breach Litigation (2025) suggests courts are scrutinizing low claim rates more carefully when approving fees.

Contact Information and Resources

Settlement Administrator:

Phone: 1-877-277-7514
Email: [email protected]
Website: https://emsasettlement.com/

Class Counsel:

William B. Federman
FEDERMAN & SHERWOOD

Lisa A. Houssiere
BAKER & HOSTETLER LLP

Kristopher E. Koepsel
RIGGS, ABNEY, NEAL, TURPEN, ORBISON & LEWIS

EMSA Data Breach Settlement, Up to $3,000 Available—Here's How to Claim Before March 2026

Frequently Asked Questions

Q: What if I don’t have receipts for every expense?

A: Provide whatever documentation you have. Bank statements, credit card statements, or correspondence from financial institutions can support claims. Self-prepared documents aren’t accepted, but legitimate records from third parties are sufficient.

Q: Can I claim lost time even without out-of-pocket expenses?

A: Yes. You can claim up to $60 for time spent addressing the breach even without documented monetary losses. However, this amount counts toward your $3,000 total cap.

Q: What if I didn’t experience identity theft or fraud?

A: You can still file a claim for preventative measures like credit monitoring you purchased, time spent monitoring accounts, or other protective actions. You don’t need to prove actual identity theft occurred.

Q: How much will I actually receive?

A: Payment amounts depend on total valid claims submitted. If claims exceed the $1.5 million fund, payments will be reduced proportionally. If fewer claims are filed, individual payments may be higher.

Q: When will I receive payment?

A: The court’s final approval hearing is scheduled for April 2026. After approval and any appeals are resolved, payments will be distributed approximately 60 days later—likely summer or fall 2026.

Q: What if my address changes before payments are distributed?

A: You must notify the claims administrator of any address or contact information changes to ensure you receive your payment.

Q: Do I need to choose between cash and credit monitoring?

A: No. All class members receive the free credit monitoring. Cash payments for out-of-pocket losses or lost time are separate benefits.

Q: Will this affect my taxes?

A: Consult a tax professional. Settlement payments for actual losses typically aren’t taxable income, but compensation for lost time may be. The settlement administrator will provide tax documentation as required.

Q: Can I still sue EMSA separately after receiving settlement money?

A: No. Accepting settlement benefits means you release EMSA from further claims related to this breach. If you want to preserve your right to sue separately, you must opt out by February 3, 2026.

Q: What if I miss the March 5, 2026 deadline?

A: You forfeit all settlement benefits. There are no extensions. File as early as possible to avoid technical issues or mail delays.

What Happens Next: Timeline Through 2026

Now through February 3, 2026: Class members can opt out or object to the settlement

Now through March 5, 2026: Claims must be submitted online or postmarked by mail

April 2026: Final approval hearing where the judge determines if the settlement is fair, reasonable, and adequate

Summer/Fall 2026: If approved, payments distributed approximately 60 days after final approval and resolution of any appeals

2026-2028: Two-year credit monitoring services activated for class members who selected this benefit

Broader Impact on Healthcare Data Protection

The EMSA settlement arrives amid escalating healthcare data breach litigation. The Department of Health and Human Services’ Office for Civil Rights has reported record numbers of healthcare breaches affecting millions of Americans annually.

Courts are establishing clearer standards for what constitutes “reasonable” data security in healthcare contexts. While HIPAA doesn’t create private rights of action, its Security Rule increasingly informs negligence duty standards, giving plaintiffs stronger grounds to argue healthcare organizations failed to meet industry standards.

The trend toward settlements requiring operational security improvements, not just financial compensation, signals courts’ recognition that money alone doesn’t protect future patients. EMSA’s agreement to implement enhanced safeguards may become the template for future healthcare breach settlements.

Take Action Now

If you received a data breach notice from EMSA about the February 2024 incident, don’t wait. With identity theft and medical fraud increasing, claiming these benefits protects your financial future and holds healthcare organizations accountable for data security failures.

The March 5, 2026 deadline is firm. Whether you file a claim, opt out to preserve litigation rights, or object to the settlement terms, make your decision and act before time runs out.

For questions or to confirm your eligibility, contact the claims administrator at 1-877-277-7514 or [email protected].

This article is for informational purposes only and does not constitute legal advice. For specific legal guidance about your situation, consult a qualified attorney. Settlement terms are based on preliminary court approval and may change pending final approval.

About the Author

Sarah Klein, JD

Sarah Klein, JD, is a licensed attorney and legal content strategist with over 12 years of experience across civil, criminal, family, and regulatory law. At All About Lawyer, she covers a wide range of legal topics — from high-profile lawsuits and courtroom stories to state traffic laws and everyday legal questions — all with a focus on accuracy, clarity, and public understanding.
Her writing blends real legal insight with plain-English explanations, helping readers stay informed and legally aware.
Read more about Sarah

Leave a Reply

Your email address will not be published. Required fields are marked *