Akeela data breach settlement receives preliminary approval for 50k

The Anchorage, Alaska-based mental health and substance use disorder treatment provider has agreed to settle a suit following a 2023 data breach.

What happened

A case against Akeela Inc., titled Batin et al. v. Akeela, Inc., has recently been settled and received preliminary approval from the court. The settlement agreement alleges that Akeela failed to adequately secure its network, allowing cybercriminals to access sensitive data. As part of this agreement, Akeela will pay for court and attorney fees. A settlement amount of $50,000 will go to paying for class members’ identity theft protection and credit monitoring for two years. The remaining money will be divided amongst class action members and used for rewarding the class representatives.

The specific Batin et al case follows a smaller, but similar suit, Jessica McRorie v. Akeela Inc, that had also been settled in July of 2025, but never received approval. The plaintiff in that case, Jessica McRorie, dismissed her complaint and joined the Batin complaint, which made very similar arguments.

The backstory

The settlement is linked to a data breach that impacted Akeela back in June of 2023, when Akeela experienced an IT network disruption. Through an investigation, Akeela determined that an unauthorized actor had accessed and exfiltrated administrative files containing patients’ protected health information. Ultimately, the data accessed and stolen included names, dates of birth, Social Security numbers, and diagnosis and treatment information. Approximately 284,000 individuals were impacted.

Why it matters

While class action suits are often a lengthy process, this situation was further complicated by the multiple lawsuits, both of which got fairly far in the litigation process before being consolidated. Consolidation is generally done to avoid duplicate lawsuits and for plaintiffs to be put in the best position possible to win the case.

The big picture

The settlement comes amidst changes in how the Department of Health and Human Services handles data breaches related to substance use disorder (SUD) treatment. On February 16th, the HHS’s Office for Civil Rights (OCR) launched a new program to increase enforcement mechanisms for protecting these records. As part of their efforts, a new portal has also been created to specifically monitor cases related to SUD treatment records.

The changes reflect the broad understanding that SUD and mental health records can be particularly sensitive, something that can make individuals hesitant to receive the care they need. These concerns were highlighted in a 2023 study, Cybersecurity: A Critical Priority for Digital Mental Health, which noted that cyberattacks can “potentially trigger or exacerbate issues such as anxiety, insomnia, trauma, paranoia, substance abuse, or even suicidal behaviors and actions, or the repetition of these kinds of ‘cybertrauma.’”

FAQs

Why is this data breach settlement relatively lower than others?

Settlement numbers can vary greatly and depend on the specifics of the case. While it’s unclear exactly what led to the $50,000 settlement, it may be because there were limited financial impacts on the victims.

Could Akeela face enforcement measures from the OCR?

While it’s possible Akeela could receive a fine or penalty from the OCR, it’s unlikely given the time that has passed since the incident.