City of Hope, a cancer research and treatment organization, has reached a settlement following a class action suit stemming from a 2023 breach.
City of Hope, one of the largest cancer research and treatment organizations in the United States, recently reached a settlement over a class action lawsuit. The California-based center faced a data breach in 2023 that impacted 827,000 individuals.
Several lawsuits were filed, but all were ultimately consolidated into In re City of Hope Data Security Breach Litigation in the Superior Court of the State of California for the County of Los Angeles.
Court documents show that the lawsuit alleged negligence, breach of fiduciary duty, breach of implied contract, and invasion of privacy.
Under the terms of the settlement, City of Hope maintains they committed no wrongdoing, but are agreeing to pay $8.5 million to cover attorney fees, settlement costs, service awards, and benefits for the class action members. Class members may claim up to $5,000 for documented losses or may be eligible to receive a cash payment of approximately $100.
While the settlement has received preliminary approval, there will be a final approval hearing on February 20th, 2026. Individuals have until December 15th, 2025 to object or be excluded from the settlement.
Data breaches can be costly for organizations, and not just because of the settlement. Breaches often come with additional costs, like legal fees, fines, costs associated with upgrading technology, and more. According to IBM, data breaches against healthcare organizations cost, on average, $11 million. For larger organizations, this high cost may be manageable, but for smaller practices, it can quickly strain resources. One Illinois hospital even went bankrupt, citing a ransomware attack as the primary reason.
Ultimately, these breaches can have a large impact on patients and practices alike, but strong cybersecurity measures can make most breaches avoidable.
Once someone agrees to a settlement, they generally agree to no longer pursue any additional lawsuits against the organization regarding that issue. While most people generally participate in the settlement, some individuals may seek out other options.
Exposed and stolen data in the City of Hope breach may have included contact information, Social Security numbers, driver’s license numbers, financial information, health insurance information, medical records, medical histories, diagnoses/conditions, and health insurance information.