If you were affected by the McLaren Health Care data breaches in 2023 or 2024, you may be eligible to claim up to $5,000 plus credit monitoring from a $14,000,000 class action settlement.
If your personal information was compromised in either of the McLaren Health Care data breaches, there’s a $14 million settlement with your name on it. McLaren Health Care – a nonprofit health system operating 14 hospitals and over 250 locations in Michigan – agreed to resolve a class action lawsuit after two separate ransomware attacks exposed the data of over 2.8 million patients and employees.
The company denies any wrongdoing but chose to settle rather than face a drawn-out trial. The result: real money available to people who were affected – and you don’t need a lawyer or extensive paperwork to get it.
Who can file a claim?
Individuals must meet all of the following criteria:
- Notification received: They were notified by McLaren Health Care that their personal information was potentially compromised in either the 2023 or 2024 data breach.
- Data exposed: Their sensitive information, including Social Security numbers, was potentially exposed in one or both ransomware attacks.
- Relationship to McLaren: They are current or former patients or employees of McLaren Health Care.
Were you affected by a McLaren Health Care data breach?
Check My EligibilityHow much can class members receive?
Class members can claim several types of awards, depending on their circumstances and the documentation they provide:
- Documented losses: Up to $5,000 for documented, unreimbursed out-of-pocket expenses traceable to the data breaches – bank fees, communication charges, travel expenses, credit-related costs, fraudulent charges. Requires documentation such as credit card statements, bank statements, invoices, telephone records, screenshots, or receipts. Losses must have been incurred on or after July 28, 2023.
- Pro rata cash payment: Varies based on remaining funds after fees, admin costs, and documented loss claims are paid. No documentation required.
- Credit monitoring: One year of IDX Identity Protection Services including dark web scanning, $1,000,000 in reimbursement insurance, fully managed identity restoration, and lost wallet assistance. No documentation required.
How to claim a data breach payment
Class members can submit the online claim form or download, print, complete and mail the PDF claim form to the settlement administrator. The claim deadline is April 29, 2026.
MHCC Class Action Settlement, c/o Claims Administrator, 1650 Arch Street, Suite 2210, Philadelphia, PA 19103
What proof or documentation is necessary to submit a claim?
- Documented losses: Claimants must provide supporting records such as credit card statements, bank statements, invoices, telephone records, screenshots, or receipts showing unreimbursed out-of-pocket expenses traceable to the McLaren Health Care data breach settlement.
- Pro rata cash payment: No documentation is required. This option is available to all eligible class members regardless of whether they can prove specific losses.
- Credit monitoring: No documentation is required. All eligible class members can enroll in one year of IDX Identity Protection Services.
Payout options
- Physical check: Mailed to the address provided on the claim form.
- Electronic payment: Available for claims submitted online.
Settlement fund breakdown
The $14,000,000 settlement fund covers:
When is the McLaren Health Care data settlement payout date?
The settlement administrator will issue payments after the court grants final approval and resolves any appeals. The fairness hearing is scheduled for April 21, 2026 – but no specific payout date has been announced yet. This is standard at this stage of the process.
Why did this class action settlement happen?
The class action lawsuit alleged McLaren Health Care failed to protect the personal information of over 2.8 million patients and employees during two separate ransomware attacks. The first attack occurred between July 28 and August 23, 2023, and the second between July 17 and August 3, 2024.
Plaintiffs claimed McLaren Health Care did not implement adequate cybersecurity measures to prevent unauthorized access to sensitive data, including Social Security numbers. The McLaren Health Care data breach settlement was reached after McLaren denied any wrongdoing but agreed to resolve the case to avoid the uncertainty and expense of litigation.
Is the McLaren Health Care data breach settlement legitimate?
Yes – this is a fully court-supervised settlement. Here’s what confirms it:
- Case number: 24-121459-GC, filed in the 7th Judicial Circuit Court for Genesee County, Michigan
- Administrator: Angeion Group, an independent third-party claims administrator
- Official site: mhccsettlement.com
- Notice: Sent directly by the administrator – not by McLaren Health Care
The settlement is pending final court approval at the April 21, 2026 fairness hearing. Claims must be filed before April 29, 2026 – no payments will be issued before final approval.
How much will I actually receive from the McLaren Health Care settlement?
The McLaren Health Care data breach settlement fund totals $14,000,000 – but how much you actually receive depends on two things: what you claim and how many people file. The fund is split among all valid claimants after attorneys’ fees and administration costs are deducted.
- Pro rata cash payment (no docs needed) – the amount varies based on how many people file. With over 2.8 million affected individuals, actual payouts depend on the claim rate.
- Up to $5,000 (documented losses) – requires receipts, bank statements, or other records showing out-of-pocket expenses traceable to the breaches.
- Credit monitoring – one year of IDX Identity Protection Services, no documentation required, available to everyone.
The $5,000 headline figure is the theoretical maximum for documented losses. Most people will receive the pro rata cash payment plus credit monitoring – which is still worth filing for.
What actually happened in the McLaren Health Care data breach?
McLaren Health Care – a nonprofit health system operating 14 hospitals and over 250 locations across Michigan – suffered two separate ransomware attacks that compromised the personal information of over 2.8 million patients and employees.
First breach (2023): Between July 28 and August 23, 2023, attackers gained unauthorized access to McLaren’s systems. Sensitive data including Social Security numbers, medical records, and personal identifiers were potentially exposed.
Second breach (2024): Between July 17 and August 3, 2024, a second ransomware attack struck McLaren’s network. This attack affected many of the same data categories and impacted current and former patients and employees.
What the lawsuit claims: That McLaren Health Care failed to implement adequate cybersecurity measures to protect sensitive personal information – and that the second breach proved the company did not fix the vulnerabilities exposed in the first attack.
Why do companies settle data breach lawsuits even when they deny wrongdoing?
Settlement does not mean admission of guilt. Companies settle for practical reasons:
- Cost of litigation: Legal fees alone can exceed the settlement amount
- Unpredictable outcomes: A verdict could result in a far larger payout
- Closure: Settling ends years of ongoing litigation and negative press
- Guaranteed resolution: For plaintiffs, it guarantees a payout rather than risking nothing at trial
Courts still review every class action settlement to confirm it’s fair and reasonable – that’s what the April 21, 2026 fairness hearing is for. Denying wrongdoing while settling is standard practice and has no effect on your right to file a claim.