McLaren Health Care Data Breach Class Action Settlement

Open for Claims

Current and former patients of McLaren Health Care whose personal information was compromised in the 2023 or 2024 data breaches may be eligible to claim up to $5,000 plus credit monitoring from a $14 million class action settlement.

If you received a data breach notification letter from McLaren Health Care, there is a settlement with your name on it. McLaren Health Care Corp. agreed to resolve a class action lawsuit stemming from two separate ransomware attacks that compromised the personal information of approximately 2.8 million people.

The company denies any wrongdoing but chose to settle rather than face a drawn-out trial. The result: real money available to people who were affected – and you don’t need a lawyer or extensive paperwork to get it.

Who can file a claim?

Individuals must meet all of the following criteria:

They are a current or former patient of McLaren Health Care or an affiliated entity.
Their personal information was compromised in the data breach that occurred between July 28 and August 23, 2023, or between July 17 and August 3, 2024.
They received a data breach notification letter from McLaren Health Care.

Were you affected by the McLaren Health Care data breach? You may be owed up to $5,000.

File Your Claim Now

How much can class members receive?

Class members can claim several types of awards, depending on their circumstances and the documentation they provide:

Documented losses: Up to $5,000 for verified out-of-pocket expenses incurred after July 28, 2023 as a result of the data breach – fraud expenses, identity theft costs, credit monitoring purchases, professional fees, notary and postage costs. Requires documentation such as bank statements, credit card statements, invoices, receipts, or screenshots.
Pro rata cash payment: A proportional share of the remaining settlement fund for class members who do not have documentation. No paperwork required. The exact amount depends on how many people file claims.
Credit monitoring: One year of one-bureau credit monitoring with dark web scanning, $1,000,000 in identity theft reimbursement insurance, fully managed identity restoration, and lost wallet assistance. No documentation required.

How to claim a data breach payment

Class members can submit the online claim form or download, print, complete and mail the PDF claim form to the settlement administrator. The claim deadline is April 29, 2026.

Settlement administrator’s mailing address:
MHCC Class Action Settlement, c/o Claims Administrator, 1650 Arch Street, Suite 2210, Philadelphia, PA 19103

What proof or documentation is necessary to submit a claim?

All claimants must provide their notice ID and confirmation code from the settlement notice they received.
Claimants filing for documented losses must provide supporting records such as bank statements, credit card statements, invoices, receipts, telephone records, or screenshots.
Claimants filing for the pro rata cash payment do not need to provide documentation beyond the claim form itself.
Claimants electing credit monitoring do not need to provide documentation.

Payout options

Physical check (default payment method)
Electronic payment (if available through the claims portal)

Settlement fund breakdown

The settlement fund covers:

Settlement administration costs	Amount not specified
Attorneys’ fees and expenses	Amount not specified
Service awards to the plaintiffs	Amount not specified
Credit monitoring enrollment costs	Based on valid claims
Payments to eligible class members	Up to $14,000,000

When is the McLaren Health Care data settlement payout date?

The settlement administrator will issue payments after the court grants final approval at the April 21, 2026 hearing and resolves any appeals. Checks will be valid for 90 days from the date of issuance. No specific payout date has been announced – this is standard at this stage of the process.

Why did this class action settlement happen?

The class action lawsuit alleged McLaren Health Care Corp. experienced two separate ransomware attacks – one between July 28 and August 23, 2023, and another between July 17 and August 3, 2024 – that compromised the personal and protected health information of approximately 2.8 million individuals.

The plaintiffs claimed McLaren failed to implement adequate cybersecurity measures to protect patient data, including names, Social Security numbers, dates of birth, health insurance information, and medical records.

McLaren denies any wrongdoing but agreed to settle to avoid the uncertainty and expense of continued litigation.

Is the McLaren Health Care data breach settlement legitimate?

Yes – this is a fully court-supervised settlement. Here’s what confirms it:

Case number: 24-121459-GC, filed in the 7th Judicial Circuit Court for Genesee County, Michigan
Administrator: Angeion Group, an independent third-party claims administrator
Official site: mhccsettlement.com
Notice: Sent directly by the settlement administrator – not by McLaren

The settlement received preliminary court approval in December 2025. The final approval hearing is scheduled for April 21, 2026. Claims must be filed before April 29, 2026 – no payments will be issued before final approval.

How much will I actually receive from the McLaren Health Care settlement?

It depends on two things: what you claim and how many people file. The $14 million fund is split among all valid claimants.

Pro rata cash (no docs needed) – the undocumented payment. The exact amount depends on how many of the 2.8 million affected individuals submit claims. If participation is low, each claimant gets more.
Up to $5,000 (documented losses) – requires bank statements, receipts, or other records proving expenses tied to the breach.
Credit monitoring – one year of one-bureau monitoring with $1,000,000 identity theft insurance, available to everyone at no cost.

The $5,000 headline figure is the theoretical maximum for documented losses. Most people will receive the pro rata cash payment plus credit monitoring – which is still worth filing for.

What actually happened in the McLaren Health Care data breach?

McLaren Health Care Corp. – a Michigan-based healthcare system operating 13 hospitals and other medical facilities – suffered two separate ransomware attacks that exposed protected health information of current and former patients.

First breach (2023): Between July 28 and August 23, 2023, hackers gained unauthorized access to McLaren’s systems. The ALPHV/BlackCat ransomware group claimed responsibility and reportedly published stolen data on the dark web.

Second breach (2024): Between July 17 and August 3, 2024, McLaren was hit by another ransomware attack – this time by the INC Ransom group. The attack disrupted hospital operations and forced some facilities to divert ambulances.

What was exposed: Names, Social Security numbers, dates of birth, health insurance information, medical record numbers, diagnostic and treatment information, and billing and claims data.

What McLaren says: They deny any wrongdoing – but agreed to a $14 million settlement rather than face trial.

Why do companies settle data breach lawsuits even when they deny wrongdoing?

Settlement does not mean admission of guilt. Companies settle for practical reasons:

Litigation is expensive – legal fees alone can exceed the settlement amount
Trials are unpredictable – a verdict could result in a far larger payout
Settling ends years of ongoing litigation and negative press
For plaintiffs, it guarantees a payout rather than risking nothing at trial

Courts still review every class action settlement to confirm it’s fair and reasonable – that’s what the April 21, 2026 final approval hearing is for. Denying wrongdoing while settling is standard practice and has no effect on your right to file a claim.

Sources

Settlement Summary

Status	Open for Claims
Category	Data Breach
Estimated Payout Per Person	Up to $5,000 plus credit monitoring
Is Proof Required?	Not Applicable
Days Remaining to File Claim	–
Claim Deadline	April 29, 2026
Final Approval Hearing	April 21, 2026
Case Number	24-121459-GC
Case Title	Womack-Devereaux v. McLaren Health Care Corp.
Settlement Website	mhccsettlement.com
Settlement Administrator	MHCC Class Action Settlement c/o Claims Administrator 1650 Arch Street, Suite 2210 Philadelphia, PA 19103 844-685-4251

Frequently Asked Questions

Can I still file a claim if I lost my breach notification letter? +

Yes. Your notice ID and confirmation code were included in the letter sent by the settlement administrator. If you can’t find it, contact the claims administrator directly at 844-685-4251 or visit the settlement website at mhccsettlement.com – they can look you up. Don’t let a missing letter stop you from filing.

Is the pro rata payment worth filing for if I don’t have documentation? +

Yes – and you also get one year of free credit monitoring with $1,000,000 in identity theft reimbursement insurance on top of the cash payment. Filing takes just a few minutes online and requires no paperwork beyond your notice ID. The pro rata payment exists precisely for people who don’t have documentation of specific losses. File your claim here.

What happens if I miss the April 29, 2026 deadline? +

You lose your right to compensation from this settlement permanently. Class action deadlines are hard cutoffs – courts do not grant extensions for individual claimants who miss the filing window. If you miss it, you also give up your right to sue McLaren Health Care separately over these data breaches. File now, even if you plan to add documentation later. There are also other open settlements you may qualify for.

Can MoneyPilot file my McLaren Health Care claim for me? +

Yes. MoneyPilot automatically identifies class action settlements you qualify for and files claims on your behalf. Instead of tracking deadlines and filling out forms yourself, it handles everything and notifies you when a payout is on the way.