Oglethorpe, a mental health and addiction recovery treatment facilities in Tampa, Florida, has agreed to litigation settlement connected to a June 2025 hacking incident that involved the theft of personal and protected health information (PHI) of 92,000 current and former patients and employees.
Oglethorpe discovered a hacking incident in June 2025. Based on the forensic investigation results, a hacker extracted data that contained names, driver’s license or state ID numbers, Social Security numbers, and medical information. Affected individuals started to receive notifications about the incident on October 31, 2025.
Multiple class action lawsuits were filed after the data breach. The lawsuits alleged that the incident could have been prevented if Oglethorpe had implemented reasonable and appropriate cybersecurity protocols. A consolidated lawsuit, Scott, et al. v. Oglethorpe, Inc., was filed in the Circuit Court for Broward County, Florida because the cases involved overlapping claims and were based on the same facts.
The consolidated lawsuit stated claims for breach of implied contract, unjust enrichment, negligence, and negligence per se. The plaintiffs also sought injunctive and declaratory relief. Oglethorpe denied wrongdoing, fault, and liability in connection with the claims.
The parties pursued discussions regarding an early resolution of the litigation to avoid legal costs and uncertainty associated with trial proceedings and appeals. The settlement was reached after several weeks of arms-length negotiations and was described as acceptable to all parties involved.
Under the settlement terms, Oglethorpe agreed to pay settlement administration and notification costs, attorneys’ fees and expenses, and class representatives service awards. A settlement fund of $350,000 will be established to provide benefits for class members.
Class members are eligible to enroll in one year of medical data monitoring services. The monitoring services include a medical identity theft insurance policy worth $1 million.
Class members may also pursue one of two cash benefit options. Eligible individuals may file claims to reimburse documented and unreimbursed expenses associated with the data breach up to a,0 maximum of $2,500 per class member. An alternative option allows class members to submit claims for a one-time cash payment of $75. The $75 payment may be reduced on a pro rata basis if the total amount of claims exceeds the $350,000 settlement fund.
The settlement has received preliminary court approval. A final fairness hearing is scheduled for June 22, 2026. Claims must be submitted by August 8, 2026. Individuals who wish to object to the settlement or exclude themselves from the settlement class must do so by June 8, 2026.
Image credit: DASHINKAN, AdobeStock
