Essen Medical Associates: $4M Settlement Reached After 900K Patient Data Breach
Essen Medical Associates has agreed to a $4 million settlement to resolve a class action lawsuit stemming from a 2023 data breach that compromised the personal information of nearly one million individuals, according to court documents and legal notices filed this month.
The settlement, which received preliminary approval on January 8, 2026, concludes the case Rivera, et al. v. Essen Medical Associates, P.C., filed in the Supreme Court of the State of New York, County of Bronx. Plaintiffs alleged that Essen Medical Associates failed to implement adequate cybersecurity measures, leading to the preventable breach and subsequent exposure of sensitive patient data.
The breach occurred between March 14 and March 22, 2023; Essen detected suspicious activity on March 17. Compromised data included names, driver’s license numbers, passport numbers, financial account details, Social Security numbers, medical treatment information, and medical insurance information, impacting 904,672 current and former patients, according to a statement released by Compliance Junction.
The lawsuit detailed claims of negligence, breach of fiduciary duty, and violations of New York’s Deceptive Trade Practices Act. Plaintiffs argued that Essen stored sensitive information on systems vulnerable to cyberattacks and failed to provide timely notification to affected individuals, hindering their ability to mitigate potential fraud or identity theft.
Under the terms of the settlement, a $4 million fund will be established to cover attorney fees, expenses, and service awards for the class representatives. Individuals affected by the breach can submit claims for reimbursement of documented losses, including unreimbursed fraudulent charges, identity theft expenses, and credit monitoring costs, up to a maximum of $5,000 per claimant. Class members are also eligible to receive a $100 cash payment, though these payments may be reduced pro rata based on the total number of claims filed.
The deadline for submitting claims is June 1, 2026, and the deadline for exclusion or objection is May 4, 2026. A final approval hearing is scheduled for July 7, 2026.
The Identity Theft Resource Center reports that 60% of data breach victims experience immediate anxiety, and 50% are primarily concerned about financial fraud. The report also notes that 54% of consumers report an increase in targeted phishing attempts following a data breach.
The financial impact of data breaches on healthcare organizations is substantial and increasing. Solara Medical Supplies recently faced a $9.76 million suit, alongside other costs related to breach resolution, including fines from the Office for Civil Rights. The Essen Medical Associates settlement underscores the growing financial risks associated with cybersecurity vulnerabilities in the healthcare sector.
