Mission Community Hospital Agrees to $1.55 Million Settlement in Data Breach Litigation

June 1, 2026HIPAA News Today0

Mission Community Hospital in California has agreed to pay $1,546,409.42 to settle consolidated class action litigation related to a cyberattack and data breach that was discovered on May 1, 2023.

The settlement resolves claims brought against Deanco Healthcare, LLC, in a litigation that stemmed from a cyberattack identified by the hospital on May 1, 2023.  Deanco Healthcare operates the acute care hospital, Mission Community Hospital, which serves patients in the San Fernando Valley in California.

According to a forensic investigation, unauthorized access began on the same day the incident was discovered. The attack was identified and contained shortly thereafter. The investigation determined that files containing patient information were exfiltrated during the incident.

The incident resulted in the compromise of data including names, addresses, dates of birth, Social Security numbers, driver’s license numbers, and financial account information. The Ransomhouse ransomware group claimed responsibility for the attack and stated that approximately 2.5 terabytes of data had been exfiltrated.

The data breach was reported to the U.S. Department of Health and Human Services Office for Civil Rights as affecting 269,547 individuals. Two class action lawsuits were filed in the Superior Court of California for the County of Los Angeles following the data breach. The cases were consolidated into a single action, Concepcion et al. v. Deanco Healthcare, because the lawsuits contained similar claims.

The consolidated complaint alleged that Deanco Healthcare was negligent in preventing the cyberattack, thus resulting in a data breach.  The hospital denied the allegations and maintained that it had not engaged in wrongdoing and had no liability related to the claims.

The parties agreed to settle the litigation to avoid the costs associated with continued legal proceedings and the uncertainty of a trial. Under the settlement terms, class members are individuals who received notification from Mission Community Hospital, Deanco Healthcare, or a Deanco affiliate indicating that they were affected by the incident.

The settlement fund will be used to provide benefits to eligible class members after payment of attorneys’ fees and expenses of $541,243.30 plus up to $50,000, service awards totaling $4,000 for the class representatives, and settlement administration costs of up to $235,400.

If claims exceed the remaining settlement funds, payments will be made on a pro rata basis. Eligible class members may claim a two-year membership to a medical data monitoring service. Class members who were California residents at the time of the data breach may also claim a statutory payment of $100.

The settlement permits claims for reimbursement of documented and unreimbursed losses that are attributed to the data breach, up to a maximum of $5,000 per class member. Class members may also submit claims for a cash payment. Any such payments will be distributed on a pro rata basis from the residual settlement funds after other available benefits have been provided.

The deadline for objections and requests for exclusion from the settlement is July 13, 2026. The deadline for filing claims is August 12, 2026. A final approval hearing has been scheduled for September 9, 2026.

About Thomas Brown
Thomas Brown worked as a reporter for several years on ComplianceHome. Thomas is a seasoned journalist with several years experience in the healthcare sector and has contributed to healthcare and information technology news publishers. Thomas has a particular interest in the application of healthcare information technology to better serve the interest of patients, including areas such as data protection and innovations such as telehealth. Follow Thomas on X https://x.com/Thomas7Brown

ComplianceHome is a registered trademark. Copyright © 2026 ComplianceHome. All rights reserved.