.Com TLD wellnow data security settlement com

wellnow data security settlement com

May 20, 2025

Nearly 600,000 people had their personal data compromised in a 2023 ransomware attack on WellNow Urgent Care. Now there’s a $4.4 million class action settlement on the table—here’s what happened, who’s eligible, and how to claim your cut.

The breach started with ransomware and ended with lawsuits

This wasn’t just another “oops, your info got out” situation. On April 25, 2023, WellNow Urgent Care got hit with ransomware. That’s the type of cyberattack where hackers lock up your files and demand money to return access. But in this case, it wasn’t just about shutting things down—it exposed patient data too.

We're talking names, birthdates, health insurance details, medical treatment info. And for over 55,000 people, it included Social Security numbers. That’s not the kind of stuff you want floating around the dark web.

WellNow runs urgent care clinics in New York, Illinois, Michigan, and Ohio, but the breach affected people across states—about 597,000 in total.

Patients sued—WellNow decided to settle

Fast forward to 2024. A group of patients filed a class action lawsuit against WellNow and its parent companies, including The Aspen Group and Aspen Dental. The claim? WellNow didn’t do enough to protect sensitive data, and now thousands of people are vulnerable to identity theft or worse.

WellNow didn’t admit fault, which is pretty typical in these cases. But they agreed to settle rather than drag things out in court. The total settlement amount? $4.4 million. Of that, $1.1 million is set aside specifically for victims whose Social Security numbers were involved.

Not everyone gets the same deal

The settlement splits people into two groups. If your Social Security number was part of the breach, you’re in the SSN group. Everyone else—those whose names and other details were exposed but not their SSNs—falls into the Non-SSN group.

Here’s where it gets real: only people in the SSN group can claim a piece of the straight cash payout. The rest can still file claims, but the options are more limited.

If your SSN was involved, you can:

  • Get reimbursed for up to $7,500 in out-of-pocket costs caused by the breach.

  • Claim compensation for up to 3 hours of lost time, billed at $25 per hour.

  • Or skip the paperwork and just take a pro-rata share of the $1.1 million fund.

The Non-SSN group can also claim expenses and lost time (up to 2 hours at $25/hr), but they’re not eligible for the straight cash payment.

So what counts as “expenses”?

Not just anything. You need to prove that you spent money dealing with the fallout from the breach. That could be credit monitoring services, bank fees, fraud-related expenses, or anything tied directly to identity theft or fraud from this incident.

If you’re claiming lost time, that means stuff like calling banks, freezing credit, or reporting fraud to the FTC. You’ll have to say what you did and when—though you don’t need receipts for that part. For expense claims though, documentation is a must.

Claim deadline is right around the corner

You’ve got until July 11, 2025 to submit a claim, opt out, or object to the settlement. The final hearing is set for August 15, 2025. If everything goes smoothly and no one appeals, payments should start going out within 75 days of court approval.

If you’re eligible, you should’ve received a mailed notice with a Class Member ID. That ID is important—it’s how you file your claim online. No notice? You can still file, but you might have to provide extra proof that you were affected.

Don’t want to be part of the deal? There’s a way out

You can opt out and keep your right to sue WellNow on your own, but you have to do it by that same July 11 deadline. If you do nothing, you stay in the class and give up your right to take separate legal action. Up to you.

Some people are also objecting—mostly over how the money’s being split or whether $1.1 million is enough. But the court still has to give the final OK.

What this means for WellNow—and for healthcare companies in general

This wasn’t some hacker bored in a basement. It was a coordinated ransomware attack, and it exposed just how unprepared a lot of healthcare networks are when it comes to data security.

WellNow isn’t a mom-and-pop clinic. It’s part of a large network backed by The Aspen Group, which also runs Aspen Dental and other big brands. So this breach hits harder. It’s a reminder that even national healthcare chains with deep pockets can miss the mark on cybersecurity.

This settlement also reinforces a pattern: companies are being held financially responsible, even when they don’t “admit” fault. And patients are starting to push back more—especially when their SSNs and medical histories get dragged into it.

Bottom line: if you were affected, don’t sit on this

This isn’t one of those random class actions where you get a $3 check after five years. If your Social Security number was compromised, the payout could actually be significant—depending on how many people file.

Even if you weren’t in the SSN group, $50 or $75 for your time is still something. And if you had legit fraud-related expenses, you could get reimbursed for thousands.

The site to file a claim is wellnowdatasecuritysettlement.com. You can do it all online. Just don’t wait too long—July 11 is the cutoff.

After that, the window closes.