Integris Health Agrees to 30 Million Settlement Over 2023 Data Breach Newsweek

pPublishedppOct 15 2025 at 1211 PM EDTppSenior ReporterppOklahoma health system Integris Health reached a 30 million settlement in a data breach class action lawsuit that impacted over two million people over two years agoppThis agreement settles a class action lawsuit filed in the US District Court for the Western District of Oklahoma that accuses Integris of negligence after it failed to protect patient data that was part of a breach in November 2023 and exposed victims to imminent risk of fraud and identity theft risk according to the filing  ppThe plaintiff in the lawsuit accused Integris of negligence claiming the health system failed to protect and safeguard highly sensitive identifiable information resulting in a massive and preventable data breach ppIntegris insufficient data security allowed cybercriminals to hack the computer system and steal patient information plaintiffs claimed ppAccording to the court filing the cybercriminals not only stole the data but also began directly extorting victims of the data breachppVictims are entitled to three years of credit monitoring services which include up to 1 million in identity theft insurance and up to 25000 in reimbursements for outofpocket costs associated with the data breach ppThe settlement notes that Integris denies that it did anything wrong and the court has not decided who is right ppSeveral class action lawsuits were filed in response to the breach and were later consolidated into a single lawsuit Bointy et al V Integris Health Inc filed in the US District Court for the Western District of Oklahoma  ppThe data breach occurred on November 28 2023 impacting over two million people according to court filings  ppAt the end of December 2023 victims of the data breach began receiving emails from a cybercriminal using the email dataleakegeigpcmcambraiadnssecurenet The email informed recipients that if you are receiving this message your data have sic been compromised  ppThe leaked data included Social Security Numbers dates of birth addresses phone numbers insurance information and employer information  ppThe cybercriminal referred to as DataLeakege also threatened to sell the leaked data on the darknet to be used for fraud and identity theft DataLeakege told the plaintiffs they had until January 5 2024 to pay 50 for their stolen data or else it would be sold to data brokers according to the filing  ppPlaintiffs said Integris made no assurance that it attempted to regain the stolen data from the hacker or paid the ransom demand ppDue to defendants negligence cybercriminals have stolen and obtained everything they need to commit identity theft and wreak havoc on the financial and personal lives of millions of individuals the filing stated ppThe plaintiffs sought compensatory damages punitive damages nominal damages restitution and injunctive and declaratory relief reasonable attorney fees and costs and all other remedies this court deems proper ppThe cybercriminal also said it contacted Integris after the breach but the health system refused to resolve the issue according to the filing  ppThe plaintiffs claim that it was only after DataLeakege started extorting victims that Integris publicly announced the breach  ppOn December 24 2023 Integris published a notice on its website informing patients of the breach and the investigations it conducted ppIntegris said it was aware that some patients were contacted by a group claiming to be responsible for the breach and encourages anyone who received an email to NOT respond or contact the sender or follow any instructions  ppIntegris Health encourages you to remain vigilant against incidents of identity theft and fraud by reviewing your account statements and explanation of benefits and monitoring your free credit reports for suspicious activity and to detect errors the company said in the notice ppIntegris said that upon learning of the incident it conducted an investigation with a thirdparty cybersecurity specialist and notified affected individuals  ppAs part of our ongoing commitment to the security of information we are reviewing and enhancing existing policies and procedures to reduce the likelihood of a similar future incident the company notice said As a precautionary measure we are notifying potentially affected individuals including you so that you may take further steps to best protect your personal information should you feel it is appropriate to do so ppIn order to receive benefits from the settlement victims must submit a claim form by December 22 2025 according to the settlement website Individuals can opt out of the settlement by November 21 2025  ppThe 30 million settlement will first be used to pay courtapproved attorneys fees and costs Service Awards for the Class Representatives and the costs of administering the settlement  ppThe rest of the funds will go towards credit monitoring and insurance services which include up to 1 million in identity theft insurance and other documented loss payments ppThese outofpocket costs qualify for up to 25000 in reimbursements and cover costs associated with requesting a credit report credit freeze canceling payment cards closing bank accounts postage or longdistance phone charges and unrefunded overdraft protection fees late or missed payment charges ppThe court will hold a final approval hearing on December 16 2025  ppNewsweek reached out to Integris Health for comment ppHave an announcement or news to share Contact the Newsweek Health Care team at healthcarenewsweekcompp 2025 Newsweek Digital LLCp