Granite Wellness Centers Data Breach Settlement, Claims & Eligibility
Quick Facts
- Lawsuit type: Data breach class action
- Defendant: Granite Wellness Centers (GWC), a network of drug addiction treatment centers in Northern California
- Case name: Bente, et al. v. Granite Wellness Centers
- Status: Preliminary approval granted; claims period open
- Who may be affected: U.S. residents who were GWC patients and whose personal or health information may have been accessed during the January 2021 breach
- What was compromised: Names, dates of birth, addresses, Social Security numbers, driver’s license numbers, bank account numbers, health insurance information, treatment records, and medical histories
- Settlement amount: $725,000
- Claim deadline: April 27, 2026
- Official settlement website: GraniteWellnessDataSettlement.com
Granite Wellness Centers agreed to a $725,000 class action settlement to resolve claims arising from a January 2021 ransomware attack that exposed sensitive patient data. The organization detected the ransomware attack on or around January 5, 2021, and notified affected individuals on or around March 5, 2021. The court granted preliminary approval to the settlement on November 12, 2025. Eligible class members must submit a claim by April 27, 2026 to receive benefits. The final fairness hearing is scheduled for April 28, 2026.
What Was the Data Breach?
Granite Wellness Centers is a network of drug addiction treatment centers in Northern California. The organization detected a ransomware attack on or around January 5, 2021. A forensic investigation confirmed that the ransomware actor acquired files containing sensitive patient data.
The information involved included names, birth dates, home addresses, dates of care, treatment data, care providers, health information, medical insurance details, medical histories, Social Security numbers, driver’s license numbers, and bank account numbers. Up to 15,600 individuals were affected by the incident.
In compliance with the HIPAA Breach Notification Rule, GWC notified affected individuals on or around March 5, 2021.
What Is the Lawsuit About?
The class action lawsuit alleged that Granite Wellness Centers did not implement proper cybersecurity measures to protect sensitive information and prevent an unauthorized party from accessing its systems during the January 2021 data breach.
Plaintiffs claimed that GWC’s failure to secure patient data exposed them to a risk of identity theft, fraud, and other financial and personal harms. The lawsuit sought compensation for affected individuals and required GWC to improve its data security practices going forward.
Who Is Affected?
The settlement covers all individuals residing in the United States whose personally identifying and private health information may have been accessed by an unauthorized third party during the January 2021 data breach.
If you are or were a Granite Wellness Centers patient who was impacted by the data security incident, or if GWC sent you a notice of the data security incident on or around March 6, 2021, you may be eligible for a cash payment through the class action settlement.
California residents who resided in California at any point between January 5, 2021 and April 27, 2026 may be eligible for an additional payment under California-specific statutory provisions.
Legal Claims
The class action brought several legal claims against Granite Wellness Centers, based on its alleged failure to protect patient data. In plain terms:
Negligence means plaintiffs claimed GWC failed to take reasonable steps to secure its computer systems, exposing patient data to foreseeable harm.
Negligence per se means plaintiffs alleged GWC violated specific laws or regulations — such as HIPAA — and that those violations automatically constitute negligent conduct.
Breach of implied contract means plaintiffs argued that when they became patients, GWC implicitly promised to keep their personal and health information safe, and the breach violated that promise.
Unjust enrichment means plaintiffs alleged GWC benefited financially from patients without providing the level of data security those patients reasonably expected and paid for as part of their care.
The settlement includes no admission of wrongdoing or liability by Granite Wellness Centers.
Related Article: Ozempic Vision Loss Lawsuit, Claims, MDL Status & Eligibility
Settlement Status
The court granted preliminary approval to the Granite Wellness Centers data breach settlement on November 12, 2025. The case is now in an active claims period. Affected individuals can submit a claim form through April 27, 2026.
The settlement has not yet received final court approval. The court will determine whether to grant final approval at a hearing scheduled for April 28, 2026. Compensation will begin to be distributed to consumers only after final approval is granted and any appeals have been resolved.
The deadline to opt out of or object to the settlement is March 28, 2026.
Settlement Details
Total settlement fund: $725,000. The fund covers attorneys’ fees of up to 33.33 percent of the settlement fund, litigation expenses of up to $20,000, service awards of up to $2,000 per class representative, and payments to class members.
Settlement administrator: Angeion Group
Official website: GraniteWellnessDataSettlement.com
Benefit Options for Class Members
Class members may choose from the following benefit options:
Option 1 — Reimbursement for documented losses: Class members who submit a claim form with documented proof of out-of-pocket losses traceable to the data breach are eligible to receive a one-time cash payment of up to $5,000. Reimbursable expenses include costs related to identity theft or fraud and credit monitoring services or credit reports purchased after the breach.
Option 2 — Pro rata cash payment: Class members may file a claim for a cash payment pro-rated to be approximately $750 per class member. The actual payment amount may be higher or lower depending on the number of claims submitted.
California residents — Additional payment: Individuals who were California residents at the time of the data breach may file a claim for an additional $100 statutory cash payment.
Business practice changes: As part of the settlement, GWC has agreed to implement business practice changes to better secure the personal information stored in its servers, including limiting internal access to data, system security assessments, recovery plans, firewalls, and new security training.
How to File a Claim
To submit a claim online, class members can visit GraniteWellnessDataSettlement.com and enter the Notice ID and confirmation code listed on their settlement notice. Alternatively, class members can download a PDF of the claim form from the settlement site, fill it out, and return it by mail. All claim forms must be submitted online or by mail by April 27, 2026. Consumers who believe they may be a class member but did not receive a notice can contact the settlement administrator to confirm their identity and obtain their login information.
Class members may elect to receive their cash payouts via check or electronic payment. All checks must be cashed within 120 days of issuance before expiration.
What This Means for Affected Consumers
This settlement provides a way for current and former Granite Wellness Centers patients to receive compensation for potential harm caused by the January 2021 ransomware attack. The breach exposed highly sensitive information — including Social Security numbers, financial account data, and health and treatment records — that can be used in identity theft and fraud schemes.
Consumers who received a breach notice from GWC in March 2021 should verify whether they are covered under the settlement class and consider filing a claim before the April 27, 2026 deadline. Even without a notice, patients who believe their data may have been affected can contact the settlement administrator through the official settlement website to check eligibility.
Regardless of whether a consumer files a claim, it remains a sound practice to monitor credit reports and financial accounts for unauthorized activity. Free credit reports are available at AnnualCreditReport.com. Consumers can also place a free credit freeze with each of the three major credit bureaus — Equifax, Experian, and TransUnion.
This case is part of a wider pattern of data breach class actions against healthcare providers. Courts have consistently found that patients whose highly sensitive health and financial data is exposed have a viable basis to seek compensation when organizations allegedly fail to maintain adequate cybersecurity.
Key Dates
| Event | Date |
| Ransomware attack detected | January 5, 2021 |
| Affected individuals notified | On or around March 5–6, 2021 |
| Preliminary settlement approval | November 12, 2025 |
| Settlement administrator announcement | January 26, 2026 |
| Opt-out / objection deadline | March 28, 2026 |
| Claim filing deadline | April 27, 2026 |
| Final fairness hearing | April 28, 2026 |
Frequently Asked Questions
What data was compromised in the Granite Wellness Centers breach?
The breach exposed names, dates of birth, home addresses, Social Security numbers, driver’s license numbers, bank account numbers, health insurance information, treatment dates, care providers, medical histories, and health information. Up to 15,600 patients were potentially affected.
Who is eligible for the settlement?
U.S. residents who were GWC patients and whose personal or health information may have been accessed during the January 2021 breach are potentially eligible. Patients who received a breach notice from GWC around March 2021 are likely covered. Contact the settlement administrator to confirm eligibility.
Has the settlement been approved by the court?
The court granted preliminary approval on November 12, 2025. Final approval has not yet been granted. The final fairness hearing is scheduled for April 28, 2026. Payments will not be distributed until after final approval.
Am I eligible if I did not receive a notice?
Potentially. Patients who believe their information was part of the breach but did not receive a notice can contact the settlement administrator through GraniteWellnessDataSettlement.com to verify eligibility and obtain a claim filing code.
Is a claim form required to receive a payment?
Yes. Class members must submit a valid, timely claim form — either online at GraniteWellnessDataSettlement.com or by mail — to receive any benefit from the settlement. The deadline to submit is April 27, 2026.
What is the claim deadline?
The claim filing deadline is April 27, 2026. Claims submitted after this date will not be eligible for payment. The deadline to opt out of or object to the settlement is March 28, 2026.
Where is the official settlement website?
The court-approved settlement website is GraniteWellnessDataSettlement.com. That site contains the official claim form, eligibility information, and contact details for the settlement administrator, Angeion Group.
What benefits are available to class members?
Class members can choose between a documented-loss reimbursement of up to $5,000 (with supporting documentation) or a pro rata cash payment of approximately $750. California residents may also be eligible for an additional $100 statutory payment. GWC has also agreed to implement security improvements.
Last Updated: February 28, 2026
This article is for informational purposes only and does not constitute legal advice. Settlement eligibility and litigation outcomes depend on specific facts and applicable law. For questions regarding this data breach or settlement, consult official settlement resources or a qualified attorney. Information in this article is current as of the last update date and may change as the case proceeds or settlement is administered.
About the Author
Sarah Klein, JD, is a licensed attorney and legal content strategist with over 12 years of experience across civil, criminal, family, and regulatory law. At All About Lawyer, she covers a wide range of legal topics — from high-profile lawsuits and courtroom stories to state traffic laws and everyday legal questions — all with a focus on accuracy, clarity, and public understanding.
Her writing blends real legal insight with plain-English explanations, helping readers stay informed and legally aware.
Read more about Sarah