A $3.3 million class action settlement resolves litigation arising from a ransomware incident that occurred on January 2025 involving Mt. Baker Imaging and Northwest Radiologists, following unauthorized access that exposed the protected health information (PHI) of up to 362,713 individuals.
Incident Overview
Mt. Baker Imaging, a Washington-based medical imaging provider, relies on Northwest Radiologists for interpretation services. In January 2025, a cyberattack was identified within the organization’s environment. A forensic investigation determined that an unauthorized third party accessed the network between January 20, 2025, and January 25, 2025. During this period, files were obtained from the system.
The breach involved data associated with patients receiving imaging and related healthcare services. The incident was reported to state and federal authorities following the discovery and investigation.
Data Compromised
The accessed files contained multiple categories of personal and health-related information. The exposed data included names, contact information, dates of birth, driver’s license or state ID card numbers, Social Security numbers, treatment or diagnosis information, and medical insurance details.
The breach was reported to have affected 348,118 Washington state residents through notification to the Washington Attorney General. In compliance with HIPAA laws, the U.S. Department of Health and Human Services Office for Civil Rights was also informed that PHI of up to 362,713 individuals was involved in the incident.
Litigation and Allegations
Several class action lawsuits followed the disclosure of the cyberattack. The plaintiffs filed in the Superior Court of the State of Washington for Whatcom County a consolidated lawsuit — In re: Mt. Baker Imaging, LLC, Data Security Litigation.
The consolidated complaint alleged failures related to data security safeguards. Claims asserted in the litigation included invasion of privacy through intrusion upon seclusion, negligence, unjust enrichment, breach of implied contract, and alleged violations of state-level statutes including the Washington Consumer Protection Act, Uniform Health Care Information Act, Washington My Health My Data Act, and Washington Data Breach Notification Disclosure Law.
The parties maintained differing positions on the legal claims raised in the litigation. The resolution followed agreement among the parties that settlement provided a path to avoid continued litigation costs, risk, and uncertainty.
Settlement Terms
The defendants agreed to establish a $3,300,000 settlement fund. The fund will cover attorneys’ fees and expenses, service awards for nine class representatives, and settlement administration and notification costs.
After these allocations, remaining funds will be used to provide benefits to approximately 340,184 class members. Eligible class members may file claims to reimburse documented, unreimbursed losses associated with the data breach, up to a maximum of $5,000 each.
The settlement also provides class members with a two-year membership to a medical identity theft protection and monitoring service. In addition, a pro rata cash payment will be distributed to eligible claimants using the remaining net settlement amount after costs, expenses, and benefits are applied.
The claims process applies to eligible individuals identified in the settlement class definition tied to the January 2025 incident involving Mt. Baker Imaging and Northwest Radiologists.
Deadlines and Court Status
The settlement has received preliminary approval from the court. A final fairness hearing has been scheduled for August 21, 2026. The deadline for objections and exclusions is July 20, 2026. Claims must be filed by August 19, 2026.
Image credit: AI Image Studio – WhataWin, AdobeStock
