NextGen Healthcare Settles $19.4M Class Action Over 2023 Data Breach
NextGen Healthcare, a health technology provider serving over 1,600 healthcare organizations, has agreed to a $19.4 million class action settlement to resolve claims stemming from a 2023 data breach that exposed sensitive patient information.
The breach, detected on April 28, 2023, resulted from a third-party cyberattack that compromised personal data, including names, addresses, dates of birth, Social Security numbers, health insurance details, and driver’s license numbers. While NextGen has not admitted wrongdoing, the settlement aims to compensate affected individuals.
Under the agreement, class members those whose data was exposed can claim:
- Up to $7,500 for out-of-pocket expenses (e.g., fraudulent charges, identity theft costs, credit monitoring).
- Up to $250 for lost time (10 hours at $25/hour).
- A $50 or $150 cash payment (with California residents eligible for the higher amount).
- Three years of identity defense and restoration services.
Key deadlines:
- Exclusion/objection deadline: February 12, 2026.
- Final approval hearing: February 17, 2026.
- Claim submission deadline: March 30, 2026.
The settlement resolves allegations that NextGen failed to adequately protect patient data, marking one of the largest healthcare breach settlements in recent years.
NextGen Healthcare cybersecurity rating report: https://www.rankiteo.com/company/nextgenhealthcareinc
"id": "NEX1768962007",
"linkid": "nextgenhealthcareinc",
"type": "Breach",
"date": "4/2023",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Patients whose data was exposed',
'industry': 'Healthcare',
'name': 'NextGen Healthcare',
'size': 'Serves over 1,600 healthcare organizations',
'type': 'Health technology provider'}],
'attack_vector': 'Third-party cyberattack',
'customer_advisories': 'Settlement details and claim submission deadlines '
'provided to affected individuals',
'data_breach': {'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Names',
'Addresses',
'Dates of birth',
'Social Security numbers',
'Health insurance details',
'Driver’s license numbers']},
'date_detected': '2023-04-28',
'description': 'NextGen Healthcare, a health technology provider serving over '
'1,600 healthcare organizations, has agreed to a $19.4 million '
'class action settlement to resolve claims stemming from a '
'2023 data breach that exposed sensitive patient information. '
'The breach resulted from a third-party cyberattack that '
'compromised personal data, including names, addresses, dates '
'of birth, Social Security numbers, health insurance details, '
'and driver’s license numbers.',
'impact': {'data_compromised': 'Sensitive patient information',
'financial_loss': '$19.4 million settlement',
'identity_theft_risk': 'High',
'legal_liabilities': 'Class action settlement'},
'post_incident_analysis': {'root_causes': 'Alleged failure to adequately '
'protect patient data'},
'references': [{'source': 'Cyber incident description'}],
'regulatory_compliance': {'legal_actions': 'Class action lawsuit'},
'title': 'NextGen Healthcare Settles $19.4M Class Action Over 2023 Data '
'Breach',
'type': 'Data Breach'}