Alpine ENT Data Breach Settlement Offers Victims Up to $5,000, Claims Due July 2026

Alpine Ear, Nose & Throat (ENT) has agreed to a settlement in a class action lawsuit following a data incident that exposed patient information. This resolution allows individuals affected by the October 2024 cyberattack to receive compensation, while Alpine ENT denies wrongdoing, stating the settlement avoids costly litigation.

In October 2024, a targeted third-party cyberattack compromised Alpine ENT's network, potentially exposing personally identifiable information (PII) and protected health information (PHI) of its patients. Such incidents underscore the persistent threats healthcare providers face, where unauthorized access can lead to significant privacy breaches and operational disruptions.

Eligible individuals, defined as U.S. residents who received notice of the data incident, can submit claims for various forms of compensation. Those with documented out-of-pocket losses directly related to the breach between October 9, 2024, and July 23, 2026, may receive up to $5,000. Alternatively, claimants can seek up to $80 for time spent addressing the incident, calculated at $20 per hour for a maximum of four hours, or opt for a $50 cash payment without needing specific documentation. All eligible class members can also claim two years of CyEx Medical Shield Complete, a service that includes medical and credit monitoring along with identity theft insurance. The final deadline for submitting claims is July 23, 2026.

This settlement highlights the substantial financial and legal repercussions for organizations experiencing data breaches, extending beyond immediate incident response costs. It reinforces the necessity for robust cybersecurity frameworks that protect sensitive patient data, as legal liabilities for compromised PII and PHI can be significant. Organizations must evaluate their incident response plans to include provisions for potential class action litigation and consumer remediation efforts.

What to watch next: Organizations should monitor similar data breach settlements to understand evolving legal precedents and the financial liabilities associated with safeguarding sensitive personal and health information.