New to ClassAction.org? Read our Newswire Disclaimer
Murfreesboro Medical Clinic (MMC) has agreed to settle a class action lawsuit over an April 2023 ransomware attack that allegedly compromised private patient and employee information.
Want to stay in the loop on class action lawsuits that matter to you? Sign up for ClassAction.org’s free weekly newsletter.
The MMC class action settlement received preliminary approval from the court on September 16, 2025 and covers all individuals whose private information may have been compromised as a result of the April 2023 Murfreesboro Medical Clinic & Surgicenter data breach, and to whom MMC sent a notice about the incident. Per court documents, the information of approximately 559,000 MMC patients and employees was potentially exposed in the incident.
The court-approved website for the MMC settlement can be found at https://MMCSettlement.com/.
Per the settlement site, MMC settlement class members who submit a valid, timely claim form have multiple options for reimbursement. Class members who submit a valid claim form for reimbursement of documented out-of-pocket expenses are entitled to receive a one-time cash payment of up to $500 to cover losses reasonably incurred as a result of the data breach. The class action settlement agreement details that reimbursable losses covered under this option include those related to identity theft, fees for credit repair services, costs to freeze and/or replace credit cards, and credit monitori
Murfreesboro Medical Clinic & SurgiCenter cybersecurity rating report: https://www.rankiteo.com/company/murfreesboro-medical-clinic-surgicenter
"id": "MUR1764655969",
"linkid": "murfreesboro-medical-clinic-surgicenter",
"type": "Ransomware",
"date": "12/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'incident': {'affected_entities': [{'customers_affected': 559000,
'industry': 'healthcare',
'location': 'Murfreesboro, Tennessee, USA',
'name': 'Murfreesboro Medical Clinic & '
'Surgicenter (MMC)',
'size': None,
'type': 'healthcare provider'}],
'customer_advisories': ['reimbursement for out-of-pocket '
'expenses (up to $500)',
'credit monitoring services'],
'data_breach': {'data_encryption': None,
'data_exfiltration': True,
'file_types_exposed': None,
'number_of_records_exposed': 559000,
'personally_identifiable_information': True,
'sensitivity_of_data': 'high '
'(private/confidential)',
'type_of_data_compromised': ['patient '
'information',
'employee '
'information']},
'description': 'Murfreesboro Medical Clinic (MMC) experienced a '
'ransomware attack in April 2023 that compromised '
'private patient and employee information, '
'affecting approximately 559,000 individuals. The '
'incident led to a class action lawsuit, which '
'was preliminarily approved for settlement on '
'September 16, 2025. The settlement offers '
'reimbursement of up to $500 for documented '
'out-of-pocket expenses related to identity '
'theft, credit repair, and monitoring services.',
'impact': {'brand_reputation_impact': True,
'conversion_rate_impact': None,
'customer_complaints': True,
'data_compromised': True,
'downtime': None,
'financial_loss': None,
'identity_theft_risk': True,
'legal_liabilities': True,
'operational_impact': None,
'payment_information_risk': None,
'revenue_loss': None,
'systems_affected': None},
'initial_access_broker': {'backdoors_established': None,
'data_sold_on_dark_web': None,
'entry_point': None,
'high_value_targets': ['patient data',
'employee data'],
'reconnaissance_period': None},
'investigation_status': 'settled (preliminary approval granted '
'on September 16, 2025)',
'post_incident_analysis': {'corrective_actions': None,
'root_causes': None},
'ransomware': {'data_encryption': None,
'data_exfiltration': True,
'ransom_demanded': None,
'ransom_paid': None,
'ransomware_strain': None},
'references': [{'date_accessed': None,
'source': 'ClassAction.org',
'url': 'https://MMCSettlement.com/'}],
'regulatory_compliance': {'fines_imposed': None,
'legal_actions': ['class action '
'lawsuit',
'settlement '
'agreement'],
'regulations_violated': None,
'regulatory_notifications': None},
'response': {'adaptive_behavioral_waf': None,
'communication_strategy': ['notice sent to affected '
'individuals',
'settlement website '
'(https://MMCSettlement.com/)'],
'containment_measures': None,
'enhanced_monitoring': None,
'incident_response_plan_activated': None,
'law_enforcement_notified': None,
'network_segmentation': None,
'on_demand_scrubbing_services': None,
'recovery_measures': None,
'remediation_measures': None,
'third_party_assistance': None},
'stakeholder_advisories': ['court-approved settlement website',
'notice to affected individuals'],
'title': 'Murfreesboro Medical Clinic Ransomware Attack and Data '
'Breach (April 2023)',
'type': ['ransomware', 'data breach']}}