LINCOLN (LN) — U.S. District Judge Susan M. Bazis granted final approval of a $4 million class action settlement Medical Management data breach litigation on Friday, rejecting a single objection and awarding class counsel one-third of the fund in attorneys’ fees.
The settlement resolves claims that ALN Medical Management LLC, a healthcare advisory firm, compromised the private information of approximately 1.6 million current and former patients of its clients in a data breach that occurred in March 2024.
The compromised data included names, Social Security numbers, driver’s license numbers, government-issued ID numbers, financial information, and medical and health insurance data, according to the court order.
ALN’s clients include Allied Physicians Group, Bethany Medical Clinic of New York, Hoag Clinic, and National Spine and Pain Centers, all of whom are settling defendants. Long View Systems Corporation (USA) is the only named defendant not part of the settlement.
Under the terms of the agreement, class members can submit claims for documented losses up to $5,000 or receive an estimated $50 pro rata payment if claims are insufficient to cover the full amount. The settlement also provides one year of credit monitoring and up to $1 million in identity theft insurance.
Bazis found the settlement fair, reasonable, and adequate, noting that data breach litigation is “risky, expensive, and complex” and that plaintiffs acknowledged “significant risks and challenges” to succeeding on the merits.
The court approved attorneys’ fees of $1.33 million, representing one-third of the settlement fund, plus $29,082.06 in litigation costs. Bazis determined the fee request was reasonable under the percentage-of-the-fund method, citing the contingency nature of the case and the skill required to navigate the procedural hurdles of class action data breach litigation.
The court also approved $2,500 service awards for each of the eight class representatives: Cameron Reed, Eugene Rosenberg, Lauren Mullis, Jeffrey Judka, Virginia Gilleland, Robert Meyers, Caroline Hurley, and Timothy Keggins.
The approval came after a fairness hearing on May 15, 2026, where Bazis overruled an objection filed by Robin Babu. Babu, the father of a class member, argued the settlement did not provide sufficient compensation for minors whose information was compromised, citing an instance where his daughter’s identity was allegedly used to file a fraudulent tax return.
Bazis rejected the objection, stating Babu failed to identify how the settlement terms were not fair, reasonable, or adequate, and noted that Babu had the option to opt out of the class but did not do so.
Notice of the settlement was sent to approximately 1.6 million class members. Of the 1,635,849 certified settlement class members, 1,554,295 likely received notice. The settlement administrator sent 710,644 email notices and 914,905 postcard notices, with 95 percent of notices presumed delivered.
Eleven class members opted out of the settlement, and 27,631 members filed claims, resulting in a claim rate of 1.69 percent. Bazis noted that while low, this rate is not unusual for data breach cases.
The action will be dismissed with prejudice against all named defendants except Long View Systems Corporation (USA).