Proliance Surgeons has agreed to a $4,450,000 settlement to resolve consolidated class action litigation stemming from a February 2023 ransomware attack and data breach affecting 437,392 individuals. The settlement was filed in the Superior Court of the State of Washington in and for King County under the case name In re: Proliance Surgeons Data Breach Litigation.
Background of the Breach
On February 11, 2023, hackers accessed the Proliance Surgeons network and exfiltrated patient data files. Notification letters were mailed to affected individuals in November 2023, more than 280 days after discovery of the breach. The compromised data included names, Social Security numbers, birth dates, telephone numbers, medical information, diagnosis and treatment details, medical insurance information, and medical record numbers.
Litigation and Allegations
Eleven class action lawsuits were filed following the breach. These were consolidated into a single complaint to conserve resources and address overlapping claims. The consolidated lawsuit claimed that Proliance Surgeons did not implement adequate safeguards to protect personal and protected health information. Plaintiffs argued that the delayed notification compounded the harm.
The complaint asserted negligence, breach of implied contract, unjust enrichment, and violation of the Washington Consumer Protection Act. Plaintiffs also challenged the adequacy of the initial remedy offered, which was a complimentary 12‑month credit monitoring service.
Defendant’s Position
Proliance Surgeons denied all allegations, charges of wrongdoing, and liability. The organization maintained that plaintiffs and class members did not suffer cognizable damage or harm. Despite this position, Proliance Surgeons agreed to settle to avoid the risk, uncertainty, expense, and burden of ongoing litigation.
Settlement Terms
Under the settlement, Proliance Surgeons will establish a $4,450,000 common fund. After deductions for attorneys’ fees, settlement administration, notice costs, and service awards, the fund will provide benefits to class members.
Class members may claim:
- A two‑year membership to the CyEx Medical Shield Complete medical information protection and monitoring service.
- Reimbursement of documented, unreimbursed out‑of‑pocket losses, capped at $5,000 per class member.
- A pro rata cash payment of up to $599, with the final amount dependent on the number of individuals electing credit monitoring, reimbursement, or cash payments.
Deadlines and Hearing
The deadline for exclusion from the settlement and for objections is April 28, 2026. Claims must be submitted by May 28, 2026. The final fairness hearing will be on June 26, 2026. HIPAA compliance officers and healthcare organizations should note the settlement terms and deadlines, as they illustrate the regulatory and legal consequences of delayed breach notification and insufficient safeguards under HIPAA obligations.