Emergency Medical Services Authority Settles Class Action Lawsuit for $1.5 Million

March 1, 2026HIPAA News Today0

Emergency Medical Services Authority will establish a settlement fund to resolve class action litigation arising from a 2024 cyberattack that exposed individuals’ protected health information (PHI).

Data Incident and Litigation

Emergency Medical Services Authority identified a cybersecurity incident involving unauthorized access to its network that occurred between February 10, 2024 and February 13, 2024. The breach report submitted to the HHS Office of Civil Rights indicated that 611,743 individuals were affected. Breached data included names, addresses, birth dates, dates of service, and Social Security numbers.

Two class action lawsuits were filed in response to the data incident. The lawsuits were consolidated in the District Court of Oklahoma County under the Quick and Lance v Emergency Medical Services Authority, Case No. CJ-2024-2470. EMSA denied all allegations of liability and sought dismissal of the complaint. A motion to dismiss was sustained in part and denied in part, and the litigation proceeded to discovery. A second motion to dismiss was filed for lack of jurisdiction, after which the parties agreed to settle instead of continuing litigation.

The settlement agreement requires EMSA to establish a $1.5 million fund to cover attorneys’ fees and expenses, administrative costs, service awards to class representatives, and benefits to class members. Under the settlement, class members may submit documented claims for unreimbursed losses up to $3,000 each or compensation for up to four hours of lost time at $15 per hour, which is included in the overall $3,000 cap. Claims may also be submitted for a two-year membership with single-bureau credit monitoring and identity theft protection services. The deadline to submit claims is March 5, 2026, and a final fairness hearing is scheduled for April 5, 2026.

The settlement class includes individuals in the United States who were mailed notice that their personal information may have been impacted by the 2024 data incident. Under the settlement terms available on the official settlement website, eligible class members may submit a claim form for compensation for out-of-pocket losses, lost time without documentation, and credit monitoring benefits. The preliminary approval order for the settlement was entered on November 7, 2025. Settlement class rights and options are outlined on the settlement website, including instructions for submitting claims and information on eligibility criteria based on notification of information impact.

About Thomas Brown
Thomas Brown worked as a reporter for several years on ComplianceHome. Thomas is a seasoned journalist with several years experience in the healthcare sector and has contributed to healthcare and information technology news publishers. Thomas has a particular interest in the application of healthcare information technology to better serve the interest of patients, including areas such as data protection and innovations such as telehealth. Follow Thomas on X https://x.com/Thomas7Brown

ComplianceHome is a registered trademark. Copyright © 2026 ComplianceHome. All rights reserved.