AI & Service Management Company, Serviceaide Inc, Agrees to Pay $1.8 Million For Data Breach of 400,000 Health Patients’ Information
- Human Rights Research Center
- 3 hours ago
- 3 min read
Author: Amy Asubonteng
July 13, 2026
HRRC supports the court settlement of $1.8 million to patients affected by Serviceaide’s data breach incident. The compromise of individuals’ personal identifying information is a violation of the right to privacy. In addition, HRRC pushes for more corporate accountability. Compensation is only one step in addressing the mismanagement of confidential patient data by Serviceaide.
![[Image credit: Marcus Winkler via Pexels]](https://static.wixstatic.com/media/d0bbf9_f5038ceb3a3c4be8985edc812e216b4a~mv2.png/v1/fill/w_51,h_34,al_c,q_85,usm_0.66_1.00_0.01,blur_2,enc_avif,quality_auto/d0bbf9_f5038ceb3a3c4be8985edc812e216b4a~mv2.png)
Serviceaide Inc, a company that provides AI-driven solutions to other organizations, has just agreed to a $1.8 million settlement to legally resolve an issue pertaining to a 2024 data breach incident with Catholic Health, a nonprofit healthcare provider. Catholic Health hired Serviceaide to help support and streamline their services, giving the AI-based corporation access to patients’ data. This data breach affected over 400,000 patients, according to the U.S. Department of Health and Human Services, potentially compromising patients’ personal data, including data such as Social Security numbers, date of birth, medical information, location, passwords and usernames, and more.
This issue came to light when Serviceaide identified outside access to its system back in November 2024. After a thorough investigation, it was found that a third party had unauthorized access to information from September to November that same year, suggesting that there was internal mismanagement. As a result, Serviceaide faced eleven action lawsuits—known as Nancy Balzer, et al., v. Serviceaide. In the lawsuit, it was alleged that the data breach not only could have been avoided by Serviceaide, but was also a form of negligence, unjust enrichment, breach of implied contract, and invasion of privacy.
Serviceaide denies the allegations given in the lawsuit. In court, however, they eventually reached a settlement of $1.8 million. Moreover, eligible members affected by the data breach can get reimbursed for up to $5,000 for documented losses due to fraud or identity theft, or they can receive cash payments of $50 after submitting a claim with no proof required.
This case serves as an example of data vulnerability, specifically within the medical sector, and, thus, a violation of consumer protection. Health data remains a valuable asset in cybercrime because of the volume and permanency of personal information, including Social Security numbers and insurance records—data tied to specific individuals. Even if there is no incident of identity fraud or theft, companies are expected to protect their consumers’ private records. Consumer protection is a human right, as it safeguards individuals from exploitation.
The protection of such information is key to maintaining privacy, personal property, and limiting harmful cybercrime. Nonetheless, that protection starts with corporate responsibility and its strict compliance with data protection.
Glossary
AI (Artificial intelligence): the capability of computer systems or algorithms to imitate intelligent human behavior
Breach: infraction or violation of a law, obligation, tie, or standard
Compliance: the act or process of complying to a desire, demand, proposal, or regimen or to coercion or conformity in fulfilling official requirements
Compromise: to reveal or expose to an unauthorized person and especially to an enemy
Confidential: intended for or restricted to the use of a particular person, group, or class: private, secret
Cybercrime: criminal activity (such as fraud, theft, or distribution of child pornography) committed using a computer especially to illegally access, transmit, or manipulate data
Data breach: An instance or situation in which confidential information about a person or organization is exposed, either accidentally or as the result of a cyber attack, to people who do not have permission to access or use it.
Fraud: deceit, trickery specifically : an act, expression, omission, or concealment calculated to induce another to part with something of value or to surrender a legal right
Negligence: failure to exercise the care that a reasonably prudent person would exercise in like circumstances
Social security number: a number that is given to each citizen of the U.S. by the government and that is used for the Social Security program and for official forms and records
Unjust enrichment: the retaining of a benefit (as money) conferred by another when principles of equity and justice call for restitution to the other party
References
