Case Overview

| Article Type | Settlement & Lawsuit Roundup |

| Vertical | Privacy, Data & TCPA |

| Deadlines | Varies by case — see individual listings |

| Who May Qualify | Patients and users affected by healthcare data breaches; victims of non-consensual AI-generated content |

Healthcare Data Breaches and AI Privacy Lawsuits: 3 Cases to Know in 2026

Data privacy litigation is accelerating in early 2026, with healthcare providers facing class action settlements tied to ransomware attacks and a novel lawsuit raising questions about the boundaries of AI-generated content. If your personal or medical information was exposed in a recent breach — or if you've been targeted by non-consensual AI deepfakes — here's what the current legal landscape looks like.

According to a recent settlement overview published in late February, at least two healthcare-related data breach settlements are now open for claims, while a third case involving xAI's Grok chatbot is working its way through the courts.

1. Granite Wellness Centers Data Breach Settlement

Status: Settlement open — deadline TBD (check claim form for current date)

Estimated Payout: Varies by claim type; specific amounts have not been publicly confirmed

Who May Qualify: Individuals whose personal information was affected by the Granite Wellness Centers data breach

Granite Wellness Centers, a behavioral health and substance use treatment provider, has reached a class action settlement following a data breach that allegedly exposed the personal information of patients. According to settlement documents, individuals impacted by the breach may be eligible to submit a claim for compensation — potentially including reimbursement for out-of-pocket losses, lost time, and, for some claimants, a base cash payment.

Because Granite Wellness Centers provides behavioral health services, the data involved may be considered especially sensitive. Affected individuals are encouraged to review eligibility criteria carefully, as proof of impact may be required for certain claim categories.

How to claim: Visit the official Granite Wellness Centers settlement claim page for current deadline information and claim submission details.

2. Asheville Eye Associates Settlement Stemming from DragonForce Ransomware Attack

Status: Settlement reached — claim details pending public release

Estimated Payout: Not yet publicly confirmed

Who May Qualify: Patients of Asheville Eye Associates whose data was compromised in the DragonForce ransomware attack

Asheville Eye Associates, an eye care provider serving patients across Western North Carolina, has agreed to settle class action litigation arising from a ransomware attack carried out by the cybercriminal group known as DragonForce, according to reporting by the HIPAA Journal. Ransomware attacks of this nature typically involve bad actors infiltrating healthcare networks, encrypting data, and threatening to publish sensitive patient records unless a ransom is paid.

The lawsuit alleged that Asheville Eye Associates failed to implement adequate cybersecurity measures to protect patient data, and that the breach exposed personally identifiable information and potentially protected health information. Settlement terms, including claim deadlines and payout amounts, had not been fully disclosed at the time of publication.

Healthcare data is considered among the most sensitive categories of personal information under federal law, and breaches involving patient records can leave individuals vulnerable to identity theft and other harms for years.

How to claim: Settlement claim information was not yet publicly available at publication. Affected patients of Asheville Eye Associates should monitor communications from the settlement administrator and check back for updates.

3. Grok AI Deepfake Lawsuit (xAI / X Corp.)

Status: Active litigation — no settlement announced

Estimated Payout: N/A — case is ongoing

Who May Qualify: Women and girls who allege they were targeted by non-consensual, sexually explicit AI-generated imagery produced using xAI's Grok platform

A class action lawsuit filed in early 2026 alleges that xAI — the artificial intelligence company founded by Elon Musk and the developer behind the Grok AI chatbot — has knowingly allowed its platform to generate non-consensual, sexually explicit deepfake images of real women and girls. According to the complaint, the lawsuit alleges that Grok produces this content with minimal safeguards and that xAI has effectively profited from a system that causes serious, real-world harm to its victims.

The lawsuit alleges that the consequences for those depicted in such images can be severe, including reputational damage, emotional distress, harassment, and professional harm. The complaint reportedly argues that xAI was aware of Grok's capacity to generate this type of content and failed to take meaningful steps to prevent it.

Non-consensual intimate imagery — including AI-generated deepfakes — has become an area of growing legal and legislative scrutiny. Several states have enacted laws specifically targeting deepfake pornography, and federal legislation has also been proposed. This lawsuit represents one of the more prominent legal challenges directed at an AI company over its role in generating such content.

This case does not yet have a settlement or a claims process. It is included here as a developing matter that privacy and digital rights advocates are closely watching.

How to follow: Monitor court filings for updates as this litigation progresses. No claim form is currently available.

Key Takeaways

• Healthcare providers remain prime ransomware targets. Two of the three cases in this roundup involve patient data held by medical or behavioral health organizations, underscoring the vulnerability of the healthcare sector to cyberattacks.
• Sensitive data raises the stakes. Behavioral health records (Granite Wellness Centers) and eye care patient data (Asheville Eye Associates) may include information subject to heightened privacy protections under HIPAA, potentially influencing settlement values.
• AI-generated deepfake litigation is emerging. The Grok lawsuit signals a new frontier in privacy litigation — one focused not on stolen data, but on content generated about individuals without their consent. Courts have not yet widely addressed this theory of liability.
• Claim deadlines can pass quickly. If you believe you may have been affected by either of the healthcare settlements above, verify eligibility and deadlines as soon as possible through the respective settlement administrators.
• No proof of financial harm may be required for base payments. Data breach settlements frequently offer tiered compensation, with smaller base payments available to all class members and larger amounts reserved for those who can document specific losses.

Have you filed a claim in one of these settlements or been affected by AI-generated deepfake content? Share your experience in the comments below.

InjuryClaims.com reports on class action lawsuits and settlements as a matter of public interest. Nothing in this article constitutes legal advice. Only a licensed attorney can evaluate your individual eligibility or legal options.