Rebound Orthopedics & Neurosurgery Pays $2.5 Million to Settle Data Breach Lawsuit
Rebound Orthopedics & Neurosurgery, a Vancouver, WA-based orthopedic and neurosurgery practice, has agreed to pay $2,500,000 to settle a class action lawsuit over a February 2024 security incident involving unauthorized access to the protected health information of 426,536 patients. Data compromised in the incident included names, dates of birth, medical information, health insurance information, Social Security numbers, financial account information, driver’s license numbers, and passport numbers.
The affected patients started to be notified on April 15, 2024, and the first class action lawsuit related to the data breach was filed on February 7, 2025, in the Superior Court of the State of Washington, Clark County. A further five class action lawsuits were filed by other affected individuals, which were consolidated in the same court – Cooper, et al. v. Rebound Orthopedics & Neurosurgery P.C.
The consolidated lawsuit alleged that Rebound Orthopedics & Neurosurgery was at fault, as reasonable and appropriate cybersecurity measures had not been implemented prior to the data breach. The lawsuit asserted claims for negligence, breach of implied contract, unjust enrichment, breach of fiduciary duty, invasion of privacy, and violations of the Washington Consumer Protection Act and the Oregon Unlawful Trade Practices Act. Rebound Orthopedics & Neurosurgery denies all claims of fault, wrongdoing, and liability.
To avoid the costs, expenses, distraction, and burden of continuing with the litigation, and the uncertainty of a trial and related appeals, all parties agreed to settle the lawsuit. Class counsel and the class representatives believe that the settlement is fair. Under the terms of the settlement, Rebound Orthopedics & Neurosurgery has agreed to establish a $2,500,000 settlement fund to cover attorneys’ fees and expenses, notification and settlement costs, service awards for the class representatives, and benefits for the class members.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Class members may submit a claim for a two-year membership to the CyEx Medical Shield Complete credit and medical data monitoring service, plus one of two cash payments. A claim may be submitted for reimbursement of documented, unreimbursed losses incurred due to the data breach up to $5,000 per class member. Alternatively, a claim may be submitted for a one-time pro rata cash payment, which is estimated to be $75 per class member, but may be higher or lower depending on the number of valid claims received.
The deadline for objection to and exclusion from the settlement is May 28, 2026. Claims must be submitted by May 28, 2026, and the final fairness hearing has been scheduled for June 12, 2026.
