Data breach victims settle funds available
US plaintiffs affected by a massive data breach at Arkansas-based health organisation Arisa Health are passing their time gathering up to $5,000 in compensation. The compensation is paid to them in a $1.9 million settlement from a class action lawsuit that was made public earlier this year. The award is given to those whose personal information possibly was exposed, and filing a claim has a deadline of August 27, 2025.
The suit follows a data breach reported by Arisa Health in March 2024. The breach may have exposed patient information, including names, Social Security numbers, and medical history. Arisa Health provides mental and behavioural health care in Arkansas and resolved the suit without admitting fault.
What happened at Arisa Health?
In March 2024, Arisa Health disclosed that it had experienced a cyberattack. The complaint alleges that company hackers intruded into its systems and possibly abducted the personal information of several patients and employees. The parties in the case alleged that the company failed to protect such information adequately. Specifically, they alleged that Arisa Health failed to implement standard safety measures like multifactor authentication that would have protected against the breach.
Although they did not accept fault, Arisa Health settled the claims. The victims shall be awarded payment in cash to be compensated for their losses as a result of the data breach.
You might want to read this later:
How can I get a copy of my wage and tax statements (Form W-2)?
How to print your social security record?
How do I apply for a replacement Social Security number card online?
Who are eligible for the payment?
If Arisa Health notifies you about the breach of your data, you are eligible for compensation. The notice is your window to file in the class action and receive your portion of the $1.9 million award.
There are two simple forms of awards you can claim:
The payment covers actual losses up to $5,000. This compensates for out-of-pocket expenses that are a direct result of the breach, such as bank fees, identity theft charges, and loss as a result of fraud. You can also reimburse the fee for credit monitoring services you may have purchased as a result of the incident.
A flat fee of $70 will be provided to individuals who were impacted but do not have documentation of their losses.
All members of the class are also entitled to three years of free credit monitoring services, regardless of whether they are filing a claim for money or not.
How to claim your money
To lodge a claim, you’ll have to fill out an adequate claim form by the August 27, 2025, deadline. You’ll also have to provide supporting documentation if you are claiming certain costs. But be aware of this: supporting documentation must be official or third-party. Handwritten records, logs, or self-styled receipts won’t be acceptable on their own, although they will be accepted in combination with other proof.
For instance, if your bank charged you for a suspicious transaction following the breach, you will be required to include the bank statement or the email message showing the charge. Weakly supported claims may be denied or offset to the $70 minimum.
It is simple to fill the form. The procedure is generally online, but claimants can also send by post whenever required. Details are included in the notice given to those concerned.
What happens next
When the claims deadline expires on August 27, 2025, a final hearing will take place on September 24, 2025. That is when the judge will decide whether to provide final approval to the settlement. Once the court approves it, payments can be made in short order.
Approved claimants who are to be paid can receive payment in the manner they prefer—by a cheque mailed to them or by direct deposit. Instructions for the credit monitoring programme will also be mailed to successful claimants.
If you wish to be excluded from the settlement or don’t agree with its terms, the cut-off date for submitting an exclusion request or objection is August 5, 2025.
Why this settlement matters
Though the occurrence of data breaches has grown more common over recent years, it is not often that actual payments—much less a payment as substantial as $5,000—are made to victims. Mostly, companies just issue a year’s worth of credit monitoring and are done with it. However, the Arisa Health case shows how leverage applied in court can turn into hard cash, particularly when health information is on the line.
Medical data is among the most precious in cybercrime. It could be sold for identity theft, insurance fraud claims, or used in blackmail. That is why these cases are important: they make business entities accountable and give victims a chance to reclaim part of what was stolen.
Another chance at compensation
Very notably, this is not the first recent class action settlement to make the news. Americans are owed half of a $19 million settlement from price comparison site QuoteWizard. The firm was accused in the suit of having sent text telemarketing messages without permission.
Similar to the Arisa Health case, QuoteWizard did not admit fault but settled. The objection or opt-out deadline on that settlement is also August 5, 2025, but the process and terms differ.
Don’t miss the deadline
If you have already received a call from Arisa Health so far this year, it is time to take action. You can potentially recover thousands of dollars in payment, but only if you send in your complaint by August 27, 2025.
Even if there aren’t records of out-of-pocket expenses, you can receive $70 and three years of complimentary credit monitoring. That’s a good bonus, especially if you’d like to ensure your identity is protected.
Take a few minutes to go over your papers, fill out the claim form, and collect what’s yours before the deadline arrives.
You can watch this video about data breaches:
