Proliance Surgeons $4.45M Data Breach Class Action Settlement, Claim Deadline is May 28, 2026

Proliance Surgeons, Inc. agreed to pay $4.45 million to settle a class action lawsuit alleging negligence, breach of implied contract, unjust enrichment, and violation of the Washington Consumer Protection Act after a cyberattack exposed the sensitive personal and medical information of current and former patients. 

The ransomware attack occurred on or about February 11, 2023, and affected approximately 437,392 individuals. U.S. residents who received a notice from Proliance Surgeons about the February 2023 data breach may be eligible for up to $5,000 in documented loss reimbursements, a pro rata cash payment of up to $599, and two years of free medical identity-theft protection and monitoring. The claim deadline is May 28, 2026.

Quick Facts

• Lawsuit type: Class action — data breach / negligence / Washington Consumer Protection Act
• Defendant: Proliance Surgeons, Inc., P.S.
• Case name: In re: Proliance Surgeons Data Breach Litigation
• Case number: 23-2-23579-7 SEA
• Court: Superior Court of the State of Washington in and for King County
• Settlement status: Preliminarily approved (pending final approval)
• Settlement fund: $4,450,000
• Who may be affected: U.S. residents whose private information was potentially compromised in the February 11, 2023, data breach and who received notice from Proliance Surgeons
• Estimated class members: ~437,392
• Maximum compensation: Up to $5,000 for documented losses; pro rata cash payment up to $599; two years of medical identity-theft monitoring
• Opt-out / objection deadline: April 28, 2026
• Claim deadline: May 28, 2026
• Final Fairness Hearing: June 26, 2026
• Official settlement website: ProlianceDataSettlement.com
• Administrator: Kroll Settlement Administration LLC

Current Status & What Happens Next

The Proliance Surgeons data breach settlement is currently open for claims and has received preliminary court approval. Here is what is happening now and what comes next:

• Claims open now — eligible class members can file online or by mail
• Opt-out and objection deadline: April 28, 2026
• Claim deadline: May 28, 2026 (online or mail postmark)
• Final Fairness Hearing: June 26, 2026, at 10:00 a.m. PT, in the King County Superior Courthouse, 401 4th Ave. N, Room 4H, Kent, WA 98032 (which may be held remotely)
• Estimated payments timeline: Approximately 60 days after the court grants final approval, anticipated in July or August 2026

To opt out: Mail your written request for exclusion to the Claims Administrator, postmarked no later than April 28, 2026. Opting out is the only option that may allow you to individually sue Proliance Surgeons over the claims being resolved by this settlement.

To object: Send copies of your written objection to Class Counsel and Defendant’s Counsel postmarked no later than April 28, 2026. You may also ask the court for permission to speak at the Final Fairness Hearing on June 26, 2026.

What the Lawsuit Alleges

Proliance Surgeons is a physician-led healthcare organization headquartered in Seattle, Washington, established in 1973. The organization specializes in orthopedics, otolaryngology, general surgery, ophthalmology, and neurosurgery. With more than 400 healthcare providers — including more than 180 board-certified physicians — Proliance Surgeons operates over 100 healthcare facilities across Washington state and serves more than 800,000 patients annually.

On or about February 11, 2023, Proliance Surgeons experienced a ransomware attack — a cyberattack that included the encryption of certain files on the company’s network. A third-party forensic investigation confirmed on May 24, 2023, that unauthorized parties had accessed files containing patients’ personally identifiable information (PII) and protected health information (PHI) and had removed a limited number of files from the network.

The computer files accessed in the breach contained some or all of the following information, which varied by individual: names, Social Security numbers, dates of birth, telephone numbers, financial information, medical information, diagnosis and treatment information, health insurance information, and medical record numbers.

The lawsuit took issue with the length of time Proliance Surgeons took to notify affected patients. The breach was detected on or about February 11, 2023, but it took 102 days to confirm that patient data was involved. Proliance Surgeons then failed to issue notification letters to affected individuals until November 21, 2023 — 283 days after the breach occurred. The lawsuit claimed that plaintiffs and class members were kept in the dark, depriving them of the opportunity to mitigate their injuries in a timely manner.

The lawsuit also referenced an earlier security incident where unauthorized individuals had access to Proliance’s online payment system for seven months between November 2019 and June 2020. The lawsuit argued that two major security breaches in a little over three years demonstrates a pattern of negligence with respect to data security.

Plaintiffs filed the class action asserting claims against Proliance for negligence, breach of implied contract, unjust enrichment, and violation of the Washington Consumer Protection Act. Proliance Surgeons denies all claims. Proliance agreed to settle to avoid the risks and costs of litigation and to provide timely relief to affected individuals.

Who Could Be Included

You are part of the settlement class and may be eligible for benefits if you are a person residing in the United States whose private information was potentially or actually compromised in the February 2023 data security incident, including all those who were sent notice from Proliance Surgeons or its authorized representative concerning the breach.

The U.S. Department of Health and Human Services Office for Civil Rights website reports that the sensitive personal information of 437,392 individuals may have been compromised in the breach.

If you received a postcard notice from Kroll Settlement Administration LLC with a class member ID, you are already identified as an eligible class member. If you believe you are eligible but did not receive a notice, you may still file a claim by mail. Contact the claims administrator at (833) 319-5761 for assistance.

Settlement Details

Total Fund & Breakdown

The total settlement fund is $4.45 million, out of which $1,483,333 is allocated for attorneys’ fees, with the remainder distributed to class members and for administration costs.

What You Could Receive

The settlement provides three categories of benefits, and all class members may submit a claim for any or all of them:

Option 1 — Documented out-of-pocket loss reimbursement (up to $5,000): Class members can claim up to $5,000 for documented out-of-pocket losses that are fairly traceable to the data breach and not reimbursed by a third party. Examples include losses relating to fraud or identity theft, costs of credit monitoring, postage, copying, scanning, faxing, travel, and parking. Supporting documentation such as receipts, bank statements, or other evidence is required. Self-prepared documentation alone is not sufficient.

Option 2 — Pro rata cash payment (up to $599): All class members may submit a claim to receive a pro rata cash fund payment of up to $599. No proof of documented losses is required for this option. The final per-claimant amount depends on the total number of valid claims submitted.

Option 3 — Two years of medical identity-theft protection: All class members may submit a claim for two years of medical identity-theft protection and monitoring services. This service is specifically designed to protect against the misuse of medical credentials and insurance information — the type of sensitive health data most prominently exposed in this breach.

How to File a Claim

• Online: Visit ProlianceDataSettlement.com and click “Submit Claim.” Online claims require the class member ID from the postcard notice received.
• By mail: Download and print the PDF claim form from the settlement website’s Documents page, or call (833) 319-5761 to request a paper copy, and mail to:

In re: Proliance Surgeons Data Breach Litigation c/o Kroll Settlement Administration LLC P.O. Box 5324 New York, NY 10150-5324

• Phone: (833) 319-5761
• Deadline: May 28, 2026 (online by 11:59 p.m. on that date; mail must be postmarked by May 28, 2026)

To file an out-of-pocket loss claim, class members must provide documentation such as receipts, statements, or other evidence showing the charges. To file a pro rata cash payment and/or medical identity-theft protection claim, class members must select the appropriate option on the claim form.

Prior Cases / Context

The Proliance Surgeons breach and resulting settlement are part of an accelerating wave of ransomware-driven data breach class actions targeting Washington state healthcare providers and surgical groups nationally.

Proliance Surgeons’ experience — in which a ransomware attack encrypted files and extracted patient data — reflects one of the most common attack patterns now targeting hospital systems and physician groups. The use of ransomware against healthcare organizations surged in 2022 and 2023, with attackers targeting organizations that hold high-value patient data and are under pressure to restore operations quickly.

The delayed notification timeline in this case — 283 days from breach to patient notification — is one of the central liability issues raised by plaintiffs. Under HIPAA, covered entities are generally required to notify affected individuals within 60 days of discovering a breach. The lawsuit alleges this extended delay caused patients to miss an early window to take protective action against identity theft and fraud.

The settlement structure — with a high documented loss cap of $5,000 alongside a no-proof pro rata option and specialized medical identity monitoring — reflects the standard framework that has emerged in healthcare data breach class actions across the country.

Frequently Asked Questions

Is the Proliance Surgeons lawsuit a class action?

 Yes. In re: Proliance Surgeons Data Breach Litigation, Case No. 23-2-23579-7 SEA, is a class action pending in the Superior Court of the State of Washington in and for King County. It covers U.S. residents whose private information was potentially compromised in the February 11, 2023, data breach.

Has the settlement been approved? 

The settlement has received preliminary court approval. The Final Fairness Hearing is scheduled for June 26, 2026, at 10:00 a.m. PT, at the King County Superior Courthouse in Kent, Washington. Final approval depends on the outcome of that hearing and resolution of any appeals.

Who is eligible to file a claim? 

You are eligible if you are a U.S. resident whose private information was potentially or actually compromised in the February 2023 data security incident, including all individuals who were sent a notice from Proliance Surgeons or its authorized representative about the breach.

What data was exposed in the breach? 

Depending on the individual, the breach may have exposed names, Social Security numbers, dates of birth, telephone numbers, financial information, medical information, diagnosis and treatment information, health insurance information, and medical record numbers.

How much could I receive?

 Class members may claim up to $5,000 for documented out-of-pocket losses, a pro rata cash payment of up to $599 with no proof required, and two years of medical identity-theft protection and monitoring services.

What is the claim deadline? 

Claim forms must be submitted online or postmarked, if by mail, on or before May 28, 2026.

What is the deadline to opt out or object? Both the opt-out and objection deadlines are April 28, 2026.

Where is the official settlement website? 

The court-authorized settlement website is ProlianceDataSettlement.com, administered by Kroll Settlement Administration LLC and supervised by counsel for the parties.

What happens if I do nothing?

 If you do nothing, you will not receive any benefit from the settlement and you will give up certain legal rights, including the right to sue Proliance Surgeons over the claims resolved by this settlement.

Additional Context

The Proliance Surgeons breach is notable for the depth and breadth of patient data exposed. Because the compromised files included both personally identifiable information and protected health information — including diagnoses, treatments, and insurance data — affected patients face a dual risk of financial fraud and medical identity theft. Medical identity theft can result in fraudulent insurance claims being filed in a patient’s name, incorrect entries being added to their medical records, and complications when seeking future medical care.

At the time of the breach, Proliance Surgeons treated more than 800,000 patients annually across more than 100 facilities in Washington state, making it one of the largest surgical groups in the Pacific Northwest. The scale of the organization means the class of nearly 437,400 affected individuals represents a substantial portion of its total patient population.

Last Updated: March 6, 2026

Disclaimer: This article is for informational purposes only and does not constitute legal advice. Legal claims and outcomes depend on specific facts and applicable law. For advice regarding a particular situation, consult a qualified attorney.

About the Author

Sarah Klein, JD, is a licensed attorney and legal content strategist with over 12 years of experience across civil, criminal, family, and regulatory law. At All About Lawyer, she covers a wide range of legal topics — from high-profile lawsuits and courtroom stories to state traffic laws and everyday legal questions — all with a focus on accuracy, clarity, and public understanding.
Her writing blends real legal insight with plain-English explanations, helping readers stay informed and legally aware.
Read more about Sarah