Cooper Data Breach Lawsuit: Did Patients Wait Too Long to Be Warned?

Case Overview: A class action lawsuit alleges Cooper University Health Care delayed notifying over 57,000 patients about a data breach that exposed sensitive personal and medical information.

Consumers Affected: Patients of Cooper University Health Care whose personal and medical information was compromised in the data breach.

Court: U.S. District Court for the District of New Jersey

Cooper University Health Care is facing legal scrutiny following a data breach that allegedly exposed the personal information of more than 57,000 patients. According to a new lawsuit filed in federal court, the New Jersey-based health system delayed notifying those affected for nearly a year—raising claims of negligence, breach of contract, and unjust enrichment.

The complaint, led by Ana Hernandez, a Camden resident and longtime patient of the hospital, centers on how long it took the health provider to act after detecting security trouble within its systems.

Lawsuit Claims Cooper Delayed Notifying Breach Victims for Nearly a Year

Cooper University Health Care reported unusual activity on its networks on May 14, 2024. An investigation followed, with digital forensics experts brought in to identify how much data had been compromised. That probe concluded on March 26, 2025, according to Cooper. On May 23, 2025—about one year after the incident—the hospital began notifying patients whose details had been impacted.

In the legal filing, Hernandez alleges, “Defendant waited more than a year after being made aware of the data breach to notify impacted individuals. This delay deprived patients of the opportunity to take timely steps to protect themselves.”

The lawsuit claims that during this extended gap, personal and medical records of tens of thousands of people were potentially exposed while those individuals remained unaware of the situation or unable to take preventative measures.

Exposure May Include Sensitive Medical and Identification Data

Compromised information may include full names, addresses, birth dates, Social Security numbers, driver’s license data, medical records, and insurance-related details. Cooper has stated that not every patient had each type of data element involved, and that no misuse of this information has been identified to date.

In a public statement, the health care provider emphasized that following the investigation it promptly took steps to determine which records were accessed and began contacting patients accordingly. The notice also said Cooper had informed the FBI, the U.S. Department of Health and Human Services, and key consumer protection agencies.

Despite these assurances, the lawsuit asserts that the timing of those actions left people at elevated risk for fraud, identity theft, and other harms.

Patients Report Real-Life Impact of Data Exposure

Ana Hernandez, who is seeking to represent a class of similarly affected individuals, reports that she has already suffered disruptions linked to the breach. She claims she experienced an uptick in spam texts, robocalls, and unwanted emails since her information may have been accessed without authorization.

“The data breach has caused plaintiff to suffer fear, anxiety, and stress,” the lawsuit states.

According to her legal complaint, Hernandez also lost time verifying the reach of the breach, investigating credit monitoring options, and consulting attorneys.

The lawsuit also accuses Cooper of benefiting unfairly by failing to invest in adequate security protocols while maintaining what the complaint suggests was public confidence in its privacy practices.

Data Breaches Continue to Plague Healthcare Providers

Cooper joins a growing number of organizations named in lawsuits over digital security incidents. In April, Capital One faced claims involving the unauthorized access of customer banking data, allegedly by a former employee. That lawsuit cited nine months of exposure covering names, account numbers, and financial records.

Earlier in the year, insurance provider Globe Life Inc. was the subject of a data breach complaint involving more than 850,000 customers’ personal information. Specifically, that incident involved alleged exposure of health data, Social Security numbers, and insurance details.

These recent filings reflect growing consumer concern over how companies handle cyberthreats and respond when records are compromised.

Plaintiffs Seek Class Certification, Damages, and Greater Safeguards

In the Cooper University Health Care data breach class actions lawsuit, Hernandez is asking the court to award monetary compensation for stress, time spent responding to the breach, potential loss of privacy, and any financial harm tied to the delay in notification. She also wants Cooper to implement enhanced data safeguards to help prevent future incidents.

In the meantime, Cooper has arranged for those affected to receive free identity protection services through IDX, a digital security firm. Patients who did not receive a notice but believe they may be affected can contact the company to verify eligibility for support.

The hospital has said it remains unaware of any misuse of the accessed data but acknowledged that an investigation found “unauthorized activity” that could impact patient records. Cooper has not disputed the existence of the breach, but it has not confirmed the exact number of individuals involved. A report to the Maine Attorney General indicates that 57,412 patients may have been affected.

Case Details

• Lawsuit: Hernandez v. The Cooper Health System
• Case Number: 1:25-cv-05841-KMW-MJS
• Court: U.S. District Court for the District of New Jersey

Plaintiffs' Attorney:

• Mark K. Svensson (Milberg Coleman Bryson Phillips Grossman, PLLC)

Were you affected by the Cooper University Health Care data breach? Share your concerns about the delayed notification below.