Essen Medical Associates agree to $4 million settlement

The settlement follows a 2023 data breach that impacted nearly one million individuals.

What happened

Essen Medical Associates, a New York-based healthcare provider, reached a preliminary class action lawsuit settlement. The settlement will close the class action suit, Rivera, et al. v. Essen Medical Associates, P.C that formed with six plaintiffs, following a data breach that was allegedly preventable. The lawsuit asserted claims that Essen was negligent, breached implied contract, and breached fiduciary, amongst other claims.

Under the settlement, Essen will establish a $4 million settlement fund to cover attorney fees and expenses, alongside service awards for the class representatives.

The backstory

The breach at Essen took place in March 2023, ultimately impacting 904,672 individuals. According to their initial data breach notice, Essen discovered suspicious activity on March 17th, 2023, and determined a breach happened between March 14th and March 22nd, 2023. The dates show that Essen discovered the breach while it took place, but were not able to contain it for several days. Ultimately, the data involved included names, driver’s license numbers or other identification information (including passport information), financial information, Social Security numbers, and medical insurance and treatment information.

Why it matters

Class action lawsuits are meant to mitigate the financial impacts a data breach can have on victims. According to a report from The Identity Theft Resource Center on the impacts of breaches from 2025, 60% of victims in data breaches feel an immediate sense of anxiety. 50% of victims are primarily concerned with financial fraud, which, according to the report, is “a well-founded concern, as 54% of consumers reported an increase in targeted phishing attempts after a breach.”

The big picture

While data breaches can result in fraud for victims, they also have significant financial impacts on healthcare organizations. The cost of a data breach has steadily increased over the years. Solara Medical Supplies, for instance, faced a $9.76 million suit, alongside other costs related to resolving the breach, like fines from the Office for Civil Rights (OCR). For smaller or medium providers, the costs can even result in them shutting their doors forever. While Essen remains operational, the lawsuit’s financial impact will likely be felt for several years to come.

FAQs

Why do data breach lawsuits get consolidated?

Class action lawsuits frequently get consolidated because multiple victims, the plaintiffs, ultimately are making similar claims. Consolidating the lawsuits helps ensure all class members are represented fairly, can make a stronger lawsuit, and can decrease the strain on the court.

Does every data breach lawsuit result in a settlement?

Not necessarily, but Paubox has rarely seen a data breach lawsuit that didn’t result in a settlement. One case linked to a data breach did go to trial, but the lawsuit itself alleged that a legal team mishandled the legal response to a breach. In this case, the jury sided with the defendant, the law firm.