Individuals who received notice of the Norton Healthcare data breach may be eligible to claim up to $2,580 plus three years of medical monitoring from a class action settlement.
If your personal information was caught up in the Norton Healthcare data breach, there’s a settlement with your name on it. Norton Healthcare agreed to pay $11 million to resolve a class action lawsuit stemming from a ransomware attack in May 2023 that compromised the personal information of approximately 2.5 million patients and employees.
The company denies any wrongdoing but chose to settle rather than face a drawn-out trial. The result: real money and medical monitoring available to people who were affected – and you don’t need a lawyer or extensive paperwork to get it.
Who can file a claim?
Individuals must meet all of the following criteria:
- They reside in the United States.
- The Norton Healthcare data incident that occurred in May 2023 potentially impacted their personal information.
- They received a notification letter from Norton Healthcare about the data breach.
The deadline to file is May 18, 2026. Don’t miss your chance to claim.
How much can class members receive?
Class members can claim several types of awards, depending on their circumstances and the documentation they provide:
- Out-of-pocket losses: Up to $2,500 for documented, unreimbursed expenses incurred as a result of the data breach – bank fees, communication charges, travel costs, credit monitoring expenses, and fraudulent charges. Requires documentation such as receipts, bills, or bank statements.
- Lost time: Up to four hours at $20 per hour (maximum $80) for time spent responding to the breach. Must describe the time spent and activities performed. Subject to attestation under penalty of perjury.
- Cash payment: A minimum of $5 distributed pro rata from the settlement fund. No documentation required.
- Medical monitoring: Three years of CyEx Medical Shield Pro, which includes medical identity-theft protection and monitoring services. No documentation required.
How to claim a data breach payment
Class members can submit the online claim form or download, print, complete and mail the PDF claim form to the settlement administrator. The claim deadline is May 18, 2026.
Berthold v. Norton Healthcare, c/o Kroll Settlement Administration, PO Box 5324, New York, NY 10150-5324
What proof or documentation is necessary to submit a claim?
- All claimants must provide the claim number from the notification letter they received from Norton Healthcare.
- Claimants filing for out-of-pocket losses must provide documentation such as bank statements, bills, receipts, or other records showing the expense and its connection to the data breach.
- Claimants filing for lost time must provide a description of the activities and time spent addressing the breach, along with an attestation under penalty of perjury.
- Claimants filing for the cash payment or medical monitoring do not need to provide documentation.
Payout options
- Physical check (for mailed claim forms)
- Electronic payment (for online claim forms)
Settlement fund breakdown
The $11 million settlement fund covers:
When is the Norton Healthcare data settlement payout date?
The court will hold a final approval hearing on May 15, 2026. If the settlement receives final approval, payments will be issued after all appeals are resolved. No specific payout date has been announced – this is standard at this stage of the process.
Why did this class action settlement happen?
The class action lawsuit alleged Norton Healthcare experienced a ransomware attack in May 2023 that compromised the personal information of approximately 2.5 million patients and employees. The plaintiffs claimed Norton Healthcare failed to implement adequate cybersecurity measures to protect sensitive data including Social Security numbers.
Norton Healthcare denies any wrongdoing but agreed to settle for $11 million to avoid the uncertainty and expense of litigation.
Is the Norton Healthcare data breach settlement legitimate?
Yes – this is a fully court-supervised settlement. Here’s what confirms it:
- Case number: 23-CI-003349, filed in Jefferson Circuit Court, Kentucky
- Administrator: Kroll Settlement Administration LLC, an independent third party
- Official site: nortondataincidentsettlement.com
- Notice: Sent directly by the settlement administrator – not by Norton Healthcare
The settlement received preliminary approval on January 13, 2026. The final approval hearing is scheduled for May 15, 2026. Claims must be filed before May 18, 2026 – no payments will be issued before final approval.
How much will I actually receive from the Norton Healthcare settlement?
It depends on two things: what you claim and how many people file. The $11 million fund is split among all valid claimants, and approximately 2.5 million people are eligible.
- $5 minimum (no docs needed) – the pro rata cash payment. Fixed minimum, but the actual amount depends on how many people file claims.
- Up to $80 (lost time) – requires a description of time spent and attestation under penalty of perjury.
- Up to $2,500 (out-of-pocket losses) – requires receipts, bank statements, or other records.
- Medical monitoring – three years of CyEx Medical Shield Pro, no documentation required, available to everyone.
The $2,580 headline figure is the theoretical maximum for cash. Most people will receive the $5 minimum plus medical monitoring – which is still worth filing for since the monitoring alone has significant value.
What actually happened in the Norton Healthcare data breach?
In May 2023, Norton Healthcare – a major healthcare system serving Kentucky and Southern Indiana with over 350 locations – experienced a ransomware attack that exposed the personal information of approximately 2.5 million individuals.
What was exposed: Social Security numbers, dates of birth, health information, insurance details, and medical identification numbers. The breach affected patients, employees, and their dependents.
What the lawsuit claims: That Norton Healthcare failed to implement reasonable cybersecurity measures to protect sensitive patient and employee data from the ransomware attack.
What Norton Healthcare says: They deny any wrongdoing – but agreed to an $11 million settlement rather than face trial.
Why do companies settle data breach lawsuits even when they deny wrongdoing?
Settlement does not mean admission of guilt. Companies settle for practical reasons:
- Litigation is expensive – legal fees alone can exceed the settlement amount
- Trials are unpredictable – a verdict could result in a far larger payout
- Settling ends years of ongoing litigation and negative press
- For plaintiffs, it guarantees a payout rather than risking nothing at trial
Courts still review every class action settlement to confirm it’s fair and reasonable – that’s what the May 15, 2026 final approval hearing is for. Denying wrongdoing while settling is standard practice and has no effect on your right to file a claim.