The settlement follows a 2025 data breach that impacted over 5 million individuals.
What happened
Yale New Haven Health has proposed an $18 million settlement to resolve claims from a 2025 data breach. The settlement has been granted preliminary approval by a federal court judge. The lawsuit was originally filed in March, 2025, along with 17 additional complaints that were consolidated into a single action: In Re: Yale New Haven Health Services Corp. Data Breach in the U.S. District Court for the District of Connecticut. The lawsuit asserted claims of negligence, breach of implied contract, unjust enrichment, breach of fiduciary duty, and declaratory judgement. Yale New Haven has not admitted any guilt, but stated that a settlement could prevent additional costs and an uncertain outcome from trial.
The $18 million settlement fund will go to cover costs associated with litigation and towards the settlement. The final approval hearing has been scheduled for March 3, 2026.
The backstory
The breach was first reported to the Health and Human Services’ (HHS) Office for Civil Rights on April 11th, 2025 and impacted 5,556,702 individuals. Suspicious activity was first discovered on March 8th, 2025, and Yale promptly announced the incident on their website.
Stolen information included patient names, addresses, telephone numbers, email addresses, dates of birth, race/ethnicity information, medical record numbers, and Social Security numbers.
Why it matters
This massive data breach has been one of the largest in recent years. Another major and recent breach was the ransomware attack against Change Healthcare that took place in 2024 and impacted approximately 30% of Americans. Now, United Health Group, the parent company, is facing its own legal battles. While the breach at Yale New Haven impacted less people, it shows that massive breaches are becoming a more frequent occurrence, showing how organizations need strong and evolving cybersecurity practices.
FAQs
Is it common for data breach settlements to be so high?
Data settlements can range broadly, but largely depend on the number of individuals impacted. When millions of individuals are impacted, the settlement can become much higher so that each victim is able to receive compensation.
How are settlement monies divided?
Settlement money goes to multiple places, including attorneys’ fees and expenses, service awards for the lead plaintiffs, and settlement administration costs. Service awards are also given to each named plaintiff. The rest of the money generally goes to class members who submit claims. In this case, claims of documented losses can be submitted for up to $5,000. If an individual does not have documented losses, they may still be entitled to a $100 cash payment.
Abby Grifno
