Security Breaches

Dove Healthcare Management Services Resolves Data Breach Affecting Patient and Employee Information

By Daniel Lopez

Dove Healthcare Management Services has agreed to resolve litigation arising from a July 2024 cyberattack through a settlement that provides credit monitoring, identity theft protection services, cash payments, and cybersecurity improvements following allegations of exposed patient and employee information.

Data Breach and Incident Scope

Dove Healthcare Management Services, which provides nursing and rehabilitation care, assisted living, and palliative care services, experienced a cyberattack involving its information systems on or around July 6, 2024. The attack exposed names, dates of birth, Social Security numbers, driver’s license numbers, full face photographs, health information, and health insurance information belonging to patients and employees.

In compliance with HIPAA breach notification laws, notification letters related to the incident began being issued on March 18, 2025.

Litigation and Case Consolidation

A class action lawsuit was filed on March 26, 2025, followed by additional similar complaints. The cases were combined into one action in the Circuit Court of Eau Claire County, Wisconsin under the caption Miranda Meredith, et al. v. Dove Healthcare Management Services, LLC.

The complaints alleged responsibility on the part of Dove Healthcare Management Services for the cyber intrusion and resulting data exposure, and asserted that the incident could have been prevented through the implementation of industry-standard cybersecurity measures. The defendant denied the allegations, including claims of wrongdoing, fault, and liability. The parties later reached an agreement on settlement terms without an admission of liability.

Settlement Structure and Benefits

The settlement provides affected individuals with two years of complimentary credit monitoring and identity theft protection services.

Cash payment options include reimbursement of documented, unreimbursed losses up to $3,000 per class member. This category may include compensation for up to three hours of lost time calculated at $20 per hour.

An alternative cash payment option is available with an estimated value of approximately $50 per class member. The cash component is subject to a $150,000 fund cap. Any remaining funds after valid claims are paid will be distributed on a pro rata basis, which may reduce individual payment amounts depending on claim volume.

Cybersecurity Commitments and Court Process

The defendant has agreed to implement cybersecurity enhancements, with costs covered separately from the settlement fund.

The settlement has received preliminary court approval. The objection and exclusion deadline is June 22, 2026. The deadline for submitting claims is July 7, 2026. A final fairness hearing is scheduled for July 20, 2026.

Image credit: Andrey Popov, Adobestock

Twitter Facebook LinkedIn Reddit Link copied to clipboard

Posted by

Daniel Lopez

Daniel Lopez is the HIPAA trainer behind HIPAA Coach and the HIPAA subject matter expert for NetSec.news. Daniel has over 10 years experience as a HIPAA coach. Daniel provides his HIPAA expertise on several publications including Healthcare IT Journal and The HIPAA Guide. Daniel has studied Health Information Management before focusing his career on HIPAA compliance and protecting patient privacy. You can follow Daniel on Twitter / X https://twitter.com/DanielLHIPAA

Related News

OCR Imposes $1,165,000 in HIPAA Penalties on Four Covered Entities