Compassion Health Care and Emergency Medical Services Authority: EMSA, CHC settle data breach lawsuit

Two Major Healthcare Data Breach Settlements Resolve Class Action Lawsuits

Two healthcare providers Compassion Health Care (North Carolina) and Emergency Medical Services Authority (EMSA, Oklahoma) have reached settlements in class action lawsuits following separate cyberattacks that exposed sensitive patient data.

Compassion Health Care Settlement

The Yanceyville, North Carolina-based medical practice agreed to a $600,000 settlement after a March 2025 breach compromised the protected health information (PHI) of 23,600 individuals. The incident, detected on March 17, 2025, involved unauthorized access to systems containing names, addresses, Social Security numbers, driver’s license details, health insurance data, and clinical information. Affected individuals were notified on May 16, 2025.

The lawsuit, filed in Caswell County Superior Court on July 2, 2025, alleged negligence in cybersecurity measures. Under the settlement, funds will cover attorneys’ fees, administrative costs, and service awards, with class members eligible for:

• Reimbursement of documented losses (up to $3,000 per person)
• A $40 cash payment as an alternative
• Two years of credit monitoring and identity theft protection

EMSA Settlement

EMSA, Oklahoma’s largest pre-hospital emergency care provider, settled a class action over a February 2024 cyberattack that exposed data of 611,743 individuals, including names, addresses, dates of birth, and Social Security numbers. The breach occurred between February 10–13, 2024, with unauthorized access to patient and employee files.

The lawsuit, consolidated in Oklahoma County District Court, was resolved with a $1.5 million settlement fund. Class members can claim:

• Reimbursement for documented losses (up to $3,000 per person)
• Compensation for lost time (up to 4 hours at $15/hour, with attestation required)
• Two years of single-bureau credit monitoring

Claim deadlines vary by CPT ID, with final fairness hearings scheduled for April–May 2026. Both settlements were reached without admission of liability.

Source: https://medicalbuyer.co.in/emsa-chc-settle-data-breach-lawsuit/

Compassion Health Care TPRM report: https://www.rankiteo.com/company/compassionhealthcare

Emergency Medical Services Authority TPRM report: https://www.rankiteo.com/company/emsaok

"id": "comems1771093572",
"linkid": "compassionhealthcare, emsaok",
"type": "Breach",
"date": "3/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': '23,600',
                        'industry': 'Healthcare',
                        'location': 'Yanceyville, North Carolina, USA',
                        'name': 'Compassion Health Care',
                        'type': 'Healthcare Provider'},
                       {'customers_affected': '611,743',
                        'industry': 'Healthcare',
                        'location': 'Oklahoma, USA',
                        'name': 'Emergency Medical Services Authority (EMSA)',
                        'type': 'Healthcare Provider'}],
 'customer_advisories': [{'advisory': 'Reimbursement of documented losses (up '
                                      'to $3,000 per person), $40 cash '
                                      'payment, two years of credit monitoring '
                                      'and identity theft protection',
                          'entity': 'Compassion Health Care'},
                         {'advisory': 'Reimbursement for documented losses (up '
                                      'to $3,000 per person), compensation for '
                                      'lost time (up to 4 hours at $15/hour), '
                                      'two years of single-bureau credit '
                                      'monitoring',
                          'entity': 'EMSA'}],
 'data_breach': {'number_of_records_exposed': ['23,600', '611,743'],
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Names',
                                              'Addresses',
                                              'Social Security numbers',
                                              'Driver’s license details',
                                              'Health insurance data',
                                              'Clinical information',
                                              'Dates of birth']},
 'date_detected': ['2025-03-17', '2024-02-10'],
 'date_publicly_disclosed': ['2025-05-16'],
 'description': 'Two healthcare providers, Compassion Health Care (North '
                'Carolina) and Emergency Medical Services Authority (EMSA, '
                'Oklahoma), have reached settlements in class action lawsuits '
                'following separate cyberattacks that exposed sensitive '
                'patient data.',
 'impact': {'data_compromised': ['Protected Health Information (PHI)',
                                 'Patient and employee data'],
            'financial_loss': ['$600,000', '$1,500,000'],
            'identity_theft_risk': 'High',
            'legal_liabilities': ['Class action lawsuits']},
 'investigation_status': 'Settled',
 'references': [{'source': 'Class Action Lawsuit Settlement'}],
 'regulatory_compliance': {'legal_actions': ['Class action lawsuits']},
 'title': 'Healthcare Data Breach Settlements - Compassion Health Care and '
          'EMSA',
 'type': 'Data Breach'}