Concord Orthopaedics Data Breach Settlement Offers Compensation to Affected Individuals
In November 2024, Concord Orthopaedics Professional Association experienced a targeted cyberattack that compromised the personal data of 72,815 individuals. The breach exposed sensitive information, including names, dates of birth, Social Security numbers, health insurance details, and driver’s license or state ID numbers.
A class action lawsuit followed, alleging inadequate security measures. While Concord Orthopaedics denies wrongdoing, the company has agreed to a settlement to resolve the claims. Affected individuals defined as U.S. residents who received a breach notification may be eligible for compensation and identity protection services.
Eligible Claims and Payouts
Class members can submit claims for:
- Documented losses (up to $3,000) for out-of-pocket expenses related to identity theft or fraud, such as credit monitoring fees, ID replacement costs, or financial losses.
- Lost time (up to $100) for up to four hours spent responding to the breach at $25 per hour.
- Alternate cash payment ($50) as a substitute for lost time.
- Medical Shield Monitoring, a one-year service including $1 million in medical identity theft insurance and monitoring for healthcare-related fraud.
Claimants may receive either the lost time payment or the $50 cash payment, but not both. Those claiming documented losses may also choose one of the two time-based payments.
How to File a Claim
To participate, affected individuals must submit a claim form by July 8, 2026, either online, by mail, or via email. Documentation, such as receipts or bank statements, is required for reimbursement of losses but not for lost time claims. Payments will be distributed after the court’s final approval hearing on June 23, 2026, pending any appeals.
The settlement fund will cover payments to class members, attorneys’ fees ($200,000), and service awards ($1,500 each) to class representatives. Concord Orthopaedics will pay these fees separately.
Source: https://www.claimdepot.com/settlements/concord-data-settlement
Concord Orthopaedics cybersecurity rating report: https://www.rankiteo.com/company/concord-orthopaedics
"id": "CON1774945985",
"linkid": "concord-orthopaedics",
"type": "Breach",
"date": "3/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '72,815',
'industry': 'Healthcare',
'location': 'U.S.',
'name': 'Concord Orthopaedics Professional Association',
'type': 'Healthcare Provider'}],
'customer_advisories': 'Breach notification and settlement details provided '
'to affected individuals',
'data_breach': {'number_of_records_exposed': '72,815',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Names',
'Dates of birth',
'Social Security numbers',
'Health insurance details',
'Driver’s license or state ID '
'numbers']},
'date_detected': '2024-11',
'description': 'In November 2024, Concord Orthopaedics Professional '
'Association experienced a targeted cyberattack that '
'compromised the personal data of 72,815 individuals. The '
'breach exposed sensitive information, including names, dates '
'of birth, Social Security numbers, health insurance details, '
'and driver’s license or state ID numbers. A class action '
'lawsuit followed, alleging inadequate security measures. '
'While Concord Orthopaedics denies wrongdoing, the company has '
'agreed to a settlement to resolve the claims.',
'impact': {'data_compromised': '72,815 records',
'identity_theft_risk': 'High',
'legal_liabilities': 'Class action lawsuit settlement'},
'references': [{'source': 'Settlement Notice'}],
'regulatory_compliance': {'legal_actions': 'Class action lawsuit'},
'response': {'communication_strategy': 'Breach notification to affected '
'individuals'},
'title': 'Concord Orthopaedics Data Breach Settlement',
'type': 'Data Breach'}