A federal judge has given preliminary approval to settle a class action lawsuit following a 2022 breach that exposed data of over 4.2 million individuals.
Independent Living Systems (ILS), a Florida-based healthcare support services provider, has agreed to a $14 million settlement to resolve litigation stemming from a 2022 data breach. The breach, which affected more than 4.2 million individuals, involved unauthorized access to sensitive data, including names, Social Security numbers, taxpayer IDs, medical records, and insurance information.
The breach was first discovered around July 5, 2022, and notifications were sent to affected individuals on March 14, 2023. Multiple lawsuits were filed shortly after, beginning March 17, 2023. The cases were consolidated later that year in federal court under the name In re Independent Living Systems Data Breach Litigation.
The consolidated lawsuit alleged that ILS failed to implement adequate cybersecurity measures, resulting in negligence, unjust enrichment, and violations of Florida consumer protection laws. After surviving a motion to dismiss and following two mediation efforts, the parties reached a settlement agreement in principle on December 18, 2024.
Under the terms of the settlement, ILS will create a $14 million fund to cover legal expenses, class administration costs, and eligible claims. Class members, individuals who received a breach notification, may file for:
California residents are eligible for a larger pro rata share of the fund. Any leftover funds will be donated to the Alzheimer’s Association. ILS has also invested over $2 million to improve its data security since the breach.
The court has granted preliminary approval of the agreement, signaling that the terms met initial legal standards for fairness and adequacy. The final approval will follow after a claims period and fairness hearing. While ILS has not admitted wrongdoing, it has confirmed the implementation of updated data protection measures.
The ILS settlement addresses legal and financial fallout from a breach that affected over 4 million individuals. Rather than litigate further, the company agreed to compensate victims and fund claim processing, while also confirming internal cybersecurity upgrades. Although ILS did not admit fault, the resolution provides restitution to affected individuals and adds financial accountability to the organization’s response.
Anyone who received a notification letter from ILS about the 2022 data breach is considered a class member and may be eligible to file a claim.
Claim forms will be made available through a designated settlement website or by mail. Instructions will be included in the notice sent to class members.
A cy pres distribution redirects leftover funds from a settlement to a related nonprofit when individual payouts are no longer feasible. The Alzheimer’s Association was selected due to its relevance to the populations ILS serves.
California residents are entitled to a double pro rata share due to stronger consumer protection statutes under California law.
ILS reported spending over $2 million on enhanced cybersecurity practices, though specific details have not been publicly disclosed. These likely include stronger access controls, system monitoring, and data protection protocols.