The agreement resolves litigation tied to a 2024 cyberattack that exposed member information.
Group Health Cooperative of South Central Wisconsin has agreed to a $3.5 million settlement to resolve consolidated class action litigation stemming from a cyberattack discovered in January 2024. The nonprofit health plan reported that attackers gained unauthorized access to its network, and a forensic review later confirmed that personal and health information belonging to more than 533,000 current and former members, as well as dependents, was exposed. The affected data included identifying and government-related information associated with health plan membership.
Multiple lawsuits were filed after notifications were issued, and the claims were later consolidated in the Dane County Circuit Court. Plaintiffs alleged that insufficient safeguards allowed the intrusion and delayed detection of unauthorized activity. Group Health Cooperative denied wrongdoing and disputed the legal claims. Both sides ultimately agreed to settle after weighing the cost, duration, and uncertainty of continued litigation. The court has granted preliminary approval, and the settlement provides monitoring services and limited financial relief options to affected individuals.
In court filings, the health plan stated that the settlement does not represent an admission of liability. Plaintiffs argued that the exposed data created ongoing risks of identity misuse and fraud. Attorneys for both sides said the agreement avoids extended litigation and allows members to access protective services without waiting years for a trial outcome. A final approval hearing is scheduled for early 2026.
Large-scale breaches involving health insurers and plans continue to draw legal scrutiny because they expose both financial identifiers and sensitive health coverage data. According to the 2024 Cost of a Data Breach Report, breaches involving highly sensitive personal information, including Social Security numbers and government-issued identifiers, are associated with much higher legal, regulatory, and post-breach response costs. The report notes that healthcare organizations already face the highest average breach costs of any industry, and that incidents affecting large populations of individuals further increase litigation risk and settlement pressure. As a result, organizations increasingly opt for negotiated settlements to limit prolonged legal exposure and escalating recovery expenses.
Health plans maintain centralized systems that store information for current and former members, dependents, and beneficiaries, which can result in broad exposure from a single incident.
No. Settlements typically resolve disputes without admissions of wrongdoing and are often reached to limit legal costs and uncertainty.
Information such as Social Security numbers, government program identifiers, and contact details can raise the likelihood of identity related fraud.
Large affected populations and shared allegations of inadequate safeguards often lead plaintiffs to pursue consolidated legal action.
They should review account statements, monitor credit activity, follow guidance provided in official notices, and remain alert to unexpected communications referencing their health coverage.