The class action lawsuit stems from a severe cyberattack discovered by the healthcare providers in January 2025. Mt. Baker Imaging, a medical imaging company located in Washington state, partners with Northwest Radiologists to interpret patient medical scans.
A digital forensic investigation launched after the attack revealed that an unauthorized third party successfully infiltrated the companies’ computer networks. Hackers maintained active access to the system for nearly a week, spanning from January 20, 2025, to January 25, 2025. During this time, the cybercriminals targeted and stole files containing extensive patient profiles.
How Many Patients Were Affected by the Ransomware Attack?
The scale of the data exposure makes it one of the more significant healthcare breaches in the region. According to official reports filed with government regulators, the incident compromised the private information of hundreds of thousands of everyday people.
The companies reported the data breach to the Washington Attorney General, confirming that 348,118 residents within the state were affected. Additionally, the providers notified the federal government’s U.S. Department of Health and Human Services’ Office for Civil Rights that the protected health information of up to 362,713 total individuals across the country was exposed during the five-day network intrusion.
What Are the Details of the $3.3 Million Settlement?
While both Mt. Baker Imaging and Northwest Radiologists maintain they did nothing wrong and disagree with the legal allegations raised in the lawsuit, all parties ultimately agreed to a $3.3 million settlement. The agreement allows the parties to avoid the extreme costs, prolonged timelines, and inherent risks of continuing a lengthy courtroom battle.
The $3.3 million settlement fund will be managed by an independent administrator. The money will be used to pay for administrative notification costs, legal fees, and service awards for the nine class representatives who stepped forward to lead the litigation. The significant remainder of the fund will be distributed directly to the approximately 340,184 class members to provide real financial relief.
How to File a Claim and What You Could Receive
If you are an eligible class member, you have the right to file a claim to receive both protective services and financial compensation. The settlement structure offers a multi-tiered benefit system designed to help everyday people secure their digital lives and recoup losses stemming from the breach.
First, all participating class members are entitled to claim a free, two-year membership for medical identity theft protection and credit monitoring services. Second, if you spent money out of pocket to deal with identity theft or fraud caused by this breach, you can submit documentation to receive a reimbursement of up to $5,000 for your unreimbursed losses. Finally, you can claim a pro rata cash payment, which will distribute the remaining funds equally among all claimants after the monitoring services and administrative costs are covered
What Are the Deadlines to Take Action in This Case?
If you wish to participate, object, or exclude yourself from this settlement, you must act quickly, as the court-ordered windows are rapidly closing. You do not have to stand alone when dealing with the fallout of a corporate data breach, but you must meet the formal legal deadlines to protect your rights.
The strict deadline to object to the terms of the settlement or to formally exclude yourself from the class action is July 20, 2026. If you want to claim your cash payout and medical identity monitoring services, you must submit a completed claim form by August 19, 2026. The court has already granted preliminary approval to the deal, and a final fairness hearing is scheduled for August 21, 2026, where a judge will decide whether to officially finalize the agreement.
How ClassActionU.org Empowers You to Hold Companies Accountable
At ClassActionU.org, we believe large healthcare corporations have a fundamental duty to protect the highly personal medical and financial data you entrust to them. When companies fail to maintain strict security protocols, everyday people pay the price through identity theft, spam, and financial stress. Lawsuits like this are designed to hold companies accountable for their digital safeguards.
If your data was exposed in this breach, you should visit the official settlement website to submit your claim form before the August deadline. If you have questions about your consumer rights or want to learn about active investigations involving other corporate data leaks, you can connect with an experienced attorney through our network. There is absolutely no cost or obligation to reach out, ask questions, and learn how to defend your personal privacy.