
Lucent Health Solutions has agreed to a proposed settlement that would make up to $1.95 million available to people whose protected health information was caught up in a 2023 email-account breach. The deal, which still needs final approval from a federal judge, covers roughly 37,000 class members and offers several options, including reimbursement for out-of-pocket losses, a modest one-time cash payment, and three years of medical-data monitoring. The company continues to deny any wrongdoing.
According to The HIPAA Journal, the incident started with a phishing attack in October 2023 that let a threat actor obtain credentials for a corporate email account and access it for roughly 90 minutes. That account reportedly held names, dates of birth, Social Security numbers, and health, dental, and vision plan identifiers. Affected people were notified in January 2025, about 15 months after the intrusion. The outlet reports that Lucent has said it found no evidence that data were exfiltrated, while the complaint accuses the company of failing to implement reasonable cybersecurity measures.
Settlement details for affected people
As described on the Lucent Health Data Breach Settlement, class members can submit claims for documented ordinary losses of up to $550, or for extraordinary losses from fraud or identity theft of up to $5,500. Claimants may also seek up to five hours of lost time at $25 per hour, or instead opt for a one-time $80 cash payment. In addition, every class member is eligible for a three-year subscription to the CyEx Medical Shield Complete monitoring service. The notice cautions that all approved claims will be paid from the capped settlement fund and may be reduced on a pro rata basis if total approved claims exceed the available money.
How the settlement came together
The settlement agreement filed with the court, available on ClassAction.org, caps Lucent’s total liability at $1,950,000. That fund is intended to cover payments to class members, settlement administration costs, any court-approved attorneys’ fees, and a service award for the named plaintiff. The parties reached the material terms during mediation on August 29, 2025, and the agreement specifies that Lucent does not admit liability.
According to federal docket entries on Justia, the case was removed to the U.S. District Court for the Middle District of Tennessee in April 2025, and the record reflects related procedural activity since then.
Deadlines and next steps
The notice sets an objection and opt-out deadline of August 21, 2026, a claim submission deadline of September 5, 2026, and a final fairness hearing for September 9, 2026, at 9:30 a.m., according to the Lucent Health Data Breach Settlement. Anyone who does not opt out will remain in the class but can still submit a claim. Those who want to object or exclude themselves must follow the procedures outlined in the court notice. The settlement administrator can be contacted through the site or by calling the toll-free number listed on the notice for assistance with forms.
Legal notes
The settlement papers on ClassAction.org reiterate that Lucent denies the allegations and does not admit any wrongdoing. Class counsel plan to seek attorneys’ fees and costs of up to $650,000, and the class representative may request a service award of up to $5,000. Those amounts would come out of the overall settlement cap if approved by the court. If final approval is granted, the agreement would release Lucent from the claims described in the complaint and prevent class members from bringing the same claims in the future.
If you think you might be in the class, watch for a mailed notice or check the court filing and the Lucent Health Data Breach Settlement to confirm your eligibility and submit a claim. The HIPAA Journal and other breach notices recommend keeping a close eye on financial and medical statements, reporting suspicious activity quickly, and considering a fraud alert or credit freeze if you see signs of identity misuse. For questions about legal options, you can review the contact details in the settlement notice or speak with an attorney experienced in data-breach class actions.









