Individuals who received notice of the Norton Healthcare data breach may be eligible to claim up to $2,580 plus medical monitoring from a class action settlement.
If your personal information was compromised in the Norton Healthcare data breach settlement, there is money available for you. Norton Healthcare – a healthcare system operating hospitals and medical facilities – agreed to an $11,000,000 settlement to resolve a class action lawsuit stemming from a data breach that occurred on or around May 9, 2023.
The company denies any wrongdoing but chose to settle rather than face a drawn-out trial. The result: real money and medical monitoring available to people who were affected – and you don’t need a lawyer or extensive paperwork to get it.
Who can file a claim?
Individuals must meet the following criteria:
- Notification received: They received a letter from Norton Healthcare notifying them that their personal information may have been compromised in the data incident.
- Affected by the breach: Their personal information was potentially exposed during the Norton Healthcare data breach that occurred on or around May 9, 2023.
You may be eligible for up to $2,580 plus medical monitoring from the Norton Healthcare data breach settlement.
File Your Claim NowHow much can class members receive?
Class members can claim several types of awards, depending on their circumstances and the documentation they provide:
- Cash payment: A pro-rata share of the settlement fund with a minimum of $5 per claimant. No documentation is required to receive this payment.
- Out-of-pocket losses: Up to $2,500 for documented unreimbursed costs incurred between May 9, 2023 and May 18, 2026. Covered expenses include bank fees, phone and data charges, credit monitoring costs, identity theft insurance premiums, and actual fraud losses. Documentation such as receipts, bank statements, and bills is required.
- Lost time: Up to $80 for time spent responding to the breach, calculated at $20 per hour for up to four hours. Covered activities include placing credit freezes, monitoring accounts, and remedying fraud. An attestation describing the time spent is required.
- Medical monitoring: Three years of CyEx Medical Shield Pro at no cost. No documentation is required to receive this benefit.
How to claim a data breach payment
Class members can submit the online claim form or download, print, complete and mail the PDF claim form to the settlement administrator. The claim deadline is May 18, 2026.
Norton Healthcare Data Incident Settlement, c/o Kroll Settlement Administration LLC, PO Box 5324, New York, NY 10150-5324
What proof or documentation is necessary to submit a claim?
- Cash payment: No documentation is required. All eligible class members can receive this payment simply by submitting a valid claim form.
- Out-of-pocket losses: Claimants must provide documentation such as receipts, bank statements, or bills showing unreimbursed expenses related to the data breach.
- Lost time: Claimants must provide a written description of the activities performed and an attestation of the time spent responding to the breach.
- Medical monitoring: No documentation is required. All eligible class members can enroll in three years of CyEx Medical Shield Pro.
Payout options
- Physical check: Mailed to the address provided on the claim form.
- Electronic payment: Available for claims submitted online.
Settlement fund breakdown
The $11,000,000 settlement fund covers:
When is the Norton Healthcare data settlement payout date?
The settlement administrator will issue payments after the court resolves any appeals and grants final approval of the settlement. The fairness hearing is scheduled for May 15, 2026. No specific payout date has been announced – this is standard at this stage of the process.
Why did this class action settlement happen?
The class action lawsuit alleged Norton Healthcare experienced a data breach on or around May 9, 2023, that compromised the personal information of individuals in their system. The plaintiffs claimed Norton Healthcare failed to adequately protect this information from unauthorized access.
Norton Healthcare denies any wrongdoing but agreed to an $11,000,000 settlement to avoid the uncertainty and expense of continued litigation.
Is the Norton Healthcare data breach settlement legitimate?
Yes – this is a fully court-supervised settlement. Here’s what confirms it:
- Case number: 23-CI-003349, filed in Jefferson Circuit Court, Division Two, Kentucky
- Administrator: Kroll Settlement Administration LLC, an independent third party
- Official site: nortondataincidentsettlement.com
- Notice: Sent directly by the settlement administrator – not by Norton Healthcare
The Norton Healthcare data breach settlement is pending final court approval at the May 15, 2026 fairness hearing. Claims must be filed before May 18, 2026 – no payments will be issued before final approval.
How much will I actually receive from the Norton Healthcare settlement?
It depends on two things: what you claim and how many people file. The $11,000,000 fund is split among all valid claimants after fees and costs.
- Minimum $5 cash (no docs needed) – the base cash payment. Every eligible claimant receives at least this amount, with the potential for more depending on how many people file.
- Up to $2,580 (out-of-pocket + lost time) – requires receipts, bank statements, or other documentation for out-of-pocket losses, plus an attestation for lost time.
- Three years of medical monitoring (no docs needed) – CyEx Medical Shield Pro, available to all eligible class members regardless of other claims filed.
The $2,580 figure is the theoretical maximum for monetary claims. Most people will receive the base cash payment plus free medical monitoring – which is still worth filing for given the five-minute time investment.
What actually happened in the Norton Healthcare data breach?
On or around May 9, 2023, Norton Healthcare – a healthcare system operating hospitals and medical facilities in Kentucky and Indiana – experienced a data breach that compromised personal information stored in their systems.
What was exposed: The breach potentially compromised sensitive personal information of patients, employees, and other individuals whose data Norton Healthcare maintained. Affected individuals received notification letters from Norton Healthcare.
What the lawsuit claims: That Norton Healthcare failed to implement reasonable and adequate security measures to protect the personal information entrusted to them by patients and staff.
What Norton Healthcare says: They deny any wrongdoing – but agreed to an $11,000,000 settlement rather than face trial.
Why do companies settle data breach lawsuits even when they deny wrongdoing?
Settlement does not mean admission of guilt. Companies settle for practical reasons:
- Cost of litigation: Legal fees alone can exceed the settlement amount over years of courtroom battles
- Unpredictable outcomes: Trials are unpredictable – a verdict could result in a far larger payout
- Business continuity: Settling ends years of ongoing litigation and negative press coverage
- Guaranteed resolution: For plaintiffs, it guarantees a payout rather than risking nothing at trial
Courts still review every class action settlement to confirm it’s fair and reasonable – that’s what the May 15, 2026 fairness hearing is for. Denying wrongdoing while settling is standard practice and has no effect on your right to file a claim.