Cooper University Health Care is facing a class action lawsuit after a data breach potentially exposed the personal information of tens of thousands of current and former patients.
The lawsuit, filed in federal court this week, accuses the Camden-based health system of failing to adequately protect sensitive data and of delaying notification to those affected.
According to the complaint, more than 57,000 patients were impacted.
Cooper has not confirmed that number but said it notified individuals whose information was identified during a comprehensive review of the compromised data.
In a press release issued last week, Cooper shared its account of the incident.
The health system said it first detected “unusual activity” on its network on May 14, 2024, and immediately took steps to secure its systems.
It hired a leading digital forensics firm to investigate the breach and determine whether any sensitive data had been compromised.
That investigation concluded on March 26, 2025, and Cooper began mailing notification letters to potentially affected individuals on May 23, 2025.
The health system said it acted “as quickly as possible” once it had identified the individuals whose data was involved.
“Cooper undertook a comprehensive review of the impacted data to identify the individuals and information involved,” the press release stated. “Cooper then took steps to provide notification as quickly as possible.”
However, the lawsuit argues that the delay left patients vulnerable and unprotected for too long.
“Defendant waited more than a year after being made aware of the data breach to notify impacted individuals,” the complaint alleges. “This delay deprived patients of the opportunity to take timely steps to protect themselves.”
The compromised data may have included names, addresses, dates of birth, driver’s license numbers, Social Security numbers, medical information, and health insurance details.
Cooper emphasized that not all data elements were exposed for every individual and that there is no evidence of “actual misuse of any of the information potentially involved in this incident.”
Ana Hernandez, a Camden resident and Cooper patient, is the lead plaintiff in the case and has already been affected by the breach, she claims.
“The data breach has caused plaintiff to suffer fear, anxiety, and stress,” the complaint reads. “She has experienced a significant uptick in spam calls, text messages, and emails.”
The lawsuit accuses Cooper of negligence, breach of contract, and unjust enrichment. It seeks monetary damages and demands stronger data protection measures.
Cooper said it has notified the FBI, the U.S. Department of Health and Human Services, and consumer reporting agencies.
It is offering free identity protection services through IDX, a ZeroFox company, to those impacted.
Affected individuals can reach representatives Monday through Friday, from 9 a.m. to 9 p.m., excluding holidays, at 1-877-623-0094..
Individuals who did not receive a notification letter can call to verify eligibility for identity protection services.
