$2.6M Class Action Lawsuit Settlement by Long Islang Plastic Surgical Group

March 22, 2026HIPAA News Today0

Long Island Plastic Surgical Group, P.C. agreed to a $2,600,000 settlement to resolve a consolidated class action lawsuit related to a January 2024 ransomware attack that involved unauthorized access to patient data.

Incident Overview

The incident involved a ransomware attack carried out by the ALPHV BlackCat ransomware group on January 4, 2024. A forensic investigation confirmed that unauthorized access to the network occurred between January 4, 2024, and January 8, 2024. The attacker encrypted the files after exfiltrating data from the network. The attack affected more than 161,000 current and former patients.

The compromise of data including personal identifiable information (PII) and protected health information (PHI) is subject to data privacy laws, such as HIPAA. The data elements compromised in the attack included full names, Social Security numbers, driver’s license numbers or state ID numbers, dates of birth, account numbers, biometric data, credit or debit card data, medical information, patient photographs, medical insurance policy information, and patient account numbers.

Ransomware Activity and Response

The ALPHV BlackCat ransomware group demanded payment to prevent publication of the stolen data on its dark web leak site. Long Island Plastic Surgical Group paid the ransom and received confirmation that the stolen data had been deleted. Affected individuals received notification by mail on October 4, 2024.

Legal Proceedings

Following notification, seven putative class action lawsuits were filed by patients. The lawsuits were consolidated under Baum et al. v. Long Island Plastic Surgical Group, P.C. in the Supreme Court of the State of New York, County of Nassau.

The consolidated complaint included claims of breach of implied contract, negligence, negligence per se,  unjust enrichment, breach of fiduciary duty, and the New York Consumer Law for Deceptive Acts and Practices Act violation.

Long Island Plastic Surgical Group denied all allegations and liability, including claims that plaintiffs experienced injury or damage resulting from the incident. The settlement was reached to avoid the time, expense, and uncertainty associated with extended lawsuit. Class counsel and class representatives determined that the settlement terms were in the interests of the class.

Settlement Terms

The settlement establishes a $2,600,000 fund. The fund will be used to pay the attorneys’ fees and expenses, settlement administration and notification costs, service awards for class representatives, and payments to class members.

Class members may submit claims for reimbursement of documented and unreimbursed expenses attributed to the data breach, with a maximum amount of $5,000 per individual. Class members may also elect to receive an alternative pro rata cash payment.

Class members whose clinical photographs were compromised may submit claims for an additional pro rata cash payment of up to $1,000. The exact amount of cash payment will depend on the number of claims submitted. Payments may be reduced based on remaining funds after payment of legal fees, expenses, service awards, administration costs, notification costs, and approved loss claims.

The deadline to object to or request exclusion from the settlement is May 4, 2026. Claims must be submitted by May 18, 2026. The final approval hearing is on June 2, 2026.

About Thomas Brown
Thomas Brown worked as a reporter for several years on ComplianceHome. Thomas is a seasoned journalist with several years experience in the healthcare sector and has contributed to healthcare and information technology news publishers. Thomas has a particular interest in the application of healthcare information technology to better serve the interest of patients, including areas such as data protection and innovations such as telehealth. Follow Thomas on X https://x.com/Thomas7Brown

ComplianceHome is a registered trademark. Copyright © 2026 ComplianceHome. All rights reserved.