McKenzie Memorial Hospital, doing business as McKenzie Health System ("McKenzie"), is a health system based in Sandusky, Michigan. McKenzie says it discovered a targeted cyberattack on its computer network in April 2025, and that an unauthorized party accessed files containing patients' private information. McKenzie began mailing notification letters to affected individuals in the following months.
A proposed class action followed in the Circuit Court for Sanilac County, Michigan, alleging McKenzie failed to reasonably safeguard patients' personal and medical information. McKenzie denies any wrongdoing, and the court has not decided who is right; the parties agreed to a settlement to avoid the cost and risk of continued litigation. The case is In Re: McKenzie Memorial Hospital d/b/a McKenzie Health System 2025 Data Breach Litigation, Case No. 2025-40999-CZ.
Eligible class members can now enroll in credit monitoring and file for a cash payment. The deadline to file a claim, exclude yourself, or object is August 24, 2026. This page explains who qualifies, what you can get, and how to file.
Status
Claims Open
Claim Deadline
August 24, 2026
Estimated Payout
$50 or up to $4,000
Flat $50 cash (no proof) or up to $4,000 for documented losses · plus 2 years of free credit monitoring
Proof Required
Yes
LoginID and PIN from the mailed or emailed notice are required to file online
The settlement class is all living persons in the United States whose private information was potentially compromised as a result of the April 2025 data incident, including everyone who was sent a notification letter from McKenzie about it.
Excluded from the class are McKenzie and its officers, directors, and related companies; governmental entities; the judge assigned to the case and the judge's family and staff; and anyone who perpetrated the data incident. If McKenzie's records show you were affected, you are a class member even if you never received the earlier notice directly.
All class members can enroll in two years of CyEx Financial Shield Complete credit monitoring, which comes with up to $1 million in financial fraud insurance and monitoring for fraud or identity theft, unauthorized financial transactions, and personal information tied to high-risk transactions. A fraud resolution agent is available if anything suspicious turns up.
Class members can also choose one of two cash payment options:
Cash Payment A (Documented Losses) — reimbursement of up to $4,000 for actual, documented out-of-pocket losses fairly traceable to the data incident and incurred between April 14, 2025, and August 24, 2026. Covered expenses can include losses from identity theft or fraud, fees to obtain credit reports or to freeze and unfreeze credit, the cost of replacing IDs, and postage to contact banks by mail. You need supporting documentation, such as bank statements or receipts — self-prepared notes alone are not enough to support a claim. Expenses already reimbursed by a third party cannot be claimed.
Cash Payment B (Alternative Flat Payment) — a one-time $50 cash payment that requires no proof or explanation. You can choose only one of the two cash options, not both.
According to the settlement notice, the files accessed in the April 2025 incident may have contained:
- Name
- Address and date of birth
- Social Security number
- Patient account number and medical record number
- Diagnosis and treatment information
- Contact information
- Demographic information
Not every affected individual had all of these categories exposed; the specific data involved varied by person. According to HIPAA Journal's reporting on McKenzie's separate breach notice filings, the incident affected more than 54,000 people, and the compromised information McKenzie identified included names, Social Security numbers, and financial account information.
The deadline to file is August 24, 2026. File online at the official settlement website, McKenzie Health Settlement.com, where you submit your claim using the LoginID and PIN printed on the notice you were mailed or emailed. You can also download a printable Claim Form from the website and mail it, along with any supporting documentation, to the settlement administrator.
On the Claim Form, choose to enroll in credit monitoring and select Cash Payment A or Cash Payment B — you cannot claim both cash options on the same form. If you choose Cash Payment A, attach copies of your supporting documentation. If you cannot locate your LoginID and PIN, you can request help through the official settlement website.
- File a claim: August 24, 2026
- Exclude yourself (opt out): August 24, 2026
- Object to the settlement: August 24, 2026
- Final approval hearing: October 6, 2026 at 9:00 a.m. Eastern Time
If you do nothing, you remain in the class and give up your right to sue McKenzie over the data incident, but you will not receive a benefit unless you file a claim by the deadline. Settlement payments are typically issued after the court grants final approval and after any appeals are resolved.
Who qualifies for the McKenzie Health data breach settlement?
You qualify if you are a living person in the United States whose private information was potentially compromised in the April 2025 McKenzie data incident, including anyone who received a notification letter from McKenzie about it.
How much money can I get from the McKenzie Health settlement?
You can choose between two cash options: up to $4,000 in reimbursement for documented out-of-pocket losses tied to the breach, or a one-time $50 flat payment that requires no proof. All class members can also enroll in two years of free credit monitoring with $1 million in fraud insurance.
What is the deadline to file a claim?
The deadline to file a claim, exclude yourself from the settlement, or object is August 24, 2026. The final approval hearing is scheduled for October 6, 2026. Late claims are typically not accepted.
Do I need proof to file a McKenzie Health claim?
To file online you need the LoginID and PIN printed on the notice you were mailed or emailed, so the settlement is treated as proof-required. No documentation is needed for the $50 flat cash payment, but the up-to-$4,000 documented-losses option requires supporting records such as receipts or bank statements.
What personal data was exposed in the McKenzie Health breach?
According to the settlement notice, the files accessed in the April 2025 incident may have included names, addresses, dates of birth, Social Security numbers, patient account and medical record numbers, diagnosis and treatment information, contact information, and demographic information. Not every affected person had every category exposed.
Legitimate settlement administrators do not charge a fee to release a class action payment, and they do not ask for your full Social Security number, banking passwords, or a "processing payment" by text or phone. File only through the official settlement website linked on this page, and ignore unsolicited messages demanding money or sensitive credentials to "release" your check. To compare this case with others, see our roundup of open data breach settlements, our explainer on how a data breach class action works, and our writeup of the Lakeview Health data breach settlement — another health-system breach with a flat-cash-or-documented-loss claim.
For more class actions keep scrolling below.
Settlement Amount
Undisclosed
Estimated Payout
$50 cash or up to $4,000 documented
Case Title
In Re: McKenzie Memorial Hospital d/b/a McKenzie Health System 2025 Data Breach Litigation
Case Number
2025-40999-CZ
Court
Circuit Court for Sanilac County, Michigan
Claim Deadline
August 24, 2026
Final Approval Hearing
October 6, 2026 at 9:00 a.m. ET
Circuit Court for Sanilac County, Michigan
Administrator
Simpluris