The Non-Financial Ledger: What a Number on a Spreadsheet Cannot Hold

Before this becomes a story about settlement funds and court deadlines, it needs to be a story about people. Real people who walked into an urgent care clinic when they were sick or hurt, handed over the most sensitive information a person can possess, and trusted that it would be protected. That trust was broken.

Among the nine named plaintiffs is a parent named John Lattimore, who filed this lawsuit not just for himself but for his two children, identified in court documents only as S.L. and V.L. These are minors. Children. Their Social Security numbers, issued to them at birth and tied to their financial identities for the rest of their lives, were among the 55,131 SSNs that leaked out of WellNow’s systems in April 2023. Those children did not consent to having their data stored. They could not have. They went to a doctor. Now strangers somewhere have their Social Security numbers.

A stolen Social Security number is not a problem you solve once. It follows you. It can be used to open credit lines, file fraudulent tax returns, create fake identities, or be sold and resold on dark web markets for years. For a child, the damage may not surface for a decade, right around the time they apply for their first apartment, their first car loan, or their first job that requires a background check. By the time S.L. or V.L. discovers what happened, they will be adults trying to untangle a mess created when they were kids who needed medical care.

The other plaintiffs, Genevieve Tambroni, Ella Williams, James Beach, Caitlin McDaniel, Claudine King, Wesley Lumpkins, and Ian Curro, are adults who went to the same kind of clinic for the same kind of reason: they needed help. Every one of them handed over personal information under the reasonable assumption that a medical provider would treat that data with the same care it would treat their health. WellNow failed that obligation.

What the $4.4 million settlement does not capture is the time already spent: the hours on the phone with credit bureaus, the credit monitoring subscriptions people signed up for out of fear, the anxiety of checking bank statements, the low-grade dread that lives in the back of your mind when you know your data is out there. It does not capture the anger of finding out months after the breach that your information had been exposed. It does not capture what it feels like to be patient number 597,001 in a case where the company walks away with a legal release and you walk away with a check that might not cover a tank of gas.

The Breach: What WellNow Let Happen

WellNow Urgent Care operates within a corporate cluster that includes Immediate Care, LLC, Physicians Immediate Care Chicago P.C., Aspen Dental Management, Inc., and ADMI Corp. d/b/a TAG The Aspen Group. In April 2023, a data security incident inside this network exposed the personal records of nearly 600,000 patients to unauthorized third parties.

• April 2023: The Data Security Incident occurs. Unauthorized third parties gain access to the personal information held in WellNow’s systems, including the systems of its affiliated entities.
• 55,131 individuals had their Social Security numbers exposed. This is the most severe category of breach. SSN exposure creates lasting identity theft risk that credit monitoring alone cannot neutralize.
• 541,870 additional individuals had other categories of personal information, described as “Non-Social Security number personal information,” exposed to unauthorized parties. The specific data types beyond SSNs are not enumerated in the court order.
• The defendants named in the suit are WellNow Urgent Care P.C., Physicians Immediate Care LLC, Physicians Immediate Care Chicago P.C., Aspen Dental Management Inc., and ADMI Corp. d/b/a TAG The Aspen Group. The breadth of defendants signals that the breach touched the shared infrastructure of the entire corporate group.
• The lawsuit was filed in Sangamon County, Illinois, Case No. 2025LA000013, under Illinois class action statute 735 ILCS 5/2-801. Preliminary approval was granted by Circuit Court Judge Robin Schmidt on April 1, 2025, nearly two years after the breach itself.

Legal Receipts: What the Court Documents Actually Say

These are verbatim passages from the court order. No paraphrasing. No spin. Read them the same way a judge did.

“The approximately 55,131 Settlement Class Members whose personal information, including Social Security numbers, was impacted in the Data Security Incident. SSN Class Members are eligible to submit a Claim for SSN Settlement Benefits from the SSN Settlement Fund.”

“The approximately 541,870 individuals within the United States of America whom Defendants have identified as having Non-Social Security number personal information exposed to unauthorized third parties as a result of the Data Security Incident.”

“Defendants retain all rights to object to the propriety of class certification in the Civil Action in all other contexts and for all other purposes should the settlement not be finally approved.”

“The Settlement Agreement was negotiated at arm’s length between the Parties, who were represented by experienced counsel.”

Societal Impact Mapping: The Damage Beyond the Courtroom

Public Health

Medical providers hold a category of trust that goes beyond what you give a bank or a retailer. When you see a doctor, you hand over information about your body, your insurance, your identity, and your family. WellNow and its affiliates failed to protect that specific kind of trust.

• The breach undermines the basic health-seeking behavior that urgent care clinics depend on. When patients fear that visiting a clinic means their Social Security number will end up on a dark web market, they delay care. Delayed care for urgent medical conditions is a documented public health harm.
• Medical identity theft is among the most destructive forms of identity theft. A stolen SSN used to receive medical services under someone else’s name can corrupt that person’s medical records, insurance eligibility, and prescription history. The 55,131 SSN class members face this specific risk for the remainder of their lives.
• Two of the named plaintiffs are minor children. Children whose medical data and Social Security numbers are compromised face a uniquely extended exposure window. Their vulnerability period stretches decades beyond that of an adult victim, covering every financial and identity-dependent milestone from college applications to mortgage lending.

Economic Inequality

Data breaches are not economically neutral events. They impose time, labor, and financial costs on victims that are disproportionately borne by people with fewer resources.

• The $4.4 million settlement distributed across 597,001 class members yields approximately $7.37 per person before legal fees, administrative costs, and tiered disbursement calculations reduce that figure further. Attorney fees and service awards will be filed by July 18, 2025, meaning the final per-person payout could be substantially lower than $7.37.
• Credit monitoring services, identity theft protection plans, and the time required to freeze credit across all three bureaus cost money and labor that not every class member can afford. The settlement may not fully reimburse these out-of-pocket costs for every claimant, particularly those in the Non-SSN tier who may face lower individual payouts.
• Victims who do not receive the court’s notice by mail or email, whether due to address changes, email filtering, or lack of consistent internet access, may miss the July 11, 2025 claims deadline entirely. Systematically, those least connected to legal and financial infrastructure are most likely to be missed by a paper-and-email notification process and least likely to receive any compensation at all.
• WellNow’s corporate parent structure, spanning Aspen Dental Management and the broader TAG/ADMI Corp. network, reflects a model in which urgent care and dental clinics are aggregated into large, profit-oriented management companies. This aggregation concentrates patient data into high-value targets. The same scale that makes the network profitable makes a breach vastly more damaging to the public.

The “Cost of a Life” Metric

What Now? What You Can Do Before August 15, 2025

The court has set hard deadlines. If you are one of the 597,001 affected individuals and you do nothing, WellNow and its affiliates walk away with a full legal release against you and you may receive nothing.

Corporate Leadership Accountable for This Breach

The source document does not name individual executives. Corporate accountability runs through these entities:

• WellNow Urgent Care, P.C. (Primary defendant, direct operator of the breached systems)
• Physicians Immediate Care, LLC and Physicians Immediate Care Chicago, P.C. (Co-defendants sharing the data infrastructure)
• Aspen Dental Management, Inc. (Named defendant, part of the parent network)
• ADMI Corp. d/b/a TAG The Aspen Group (Named defendant, umbrella corporate structure)

Key Deadlines — Do Not Miss These

• May 12, 2025: Notice Date. Class members should receive notification by this date. If you believe you received care at WellNow or Physicians Immediate Care and have not received a notice, contact the Settlement Administrator, Kroll Settlement Administration LLC, directly.
• July 11, 2025: Objection, Exclusion, and Claims Deadline. You must file any claim, opt-out request, or written objection by this date. Missing this deadline means you receive nothing and release all claims.
• August 15, 2025 at 11:00 a.m.: Final Fairness Hearing via Zoom (Meeting ID: 969 230 7334; Password: 889222). Any class member who has submitted a timely written objection may appear to argue against the settlement.

Regulatory Watchlist

These bodies have jurisdiction over healthcare data security and corporate privacy failures. File complaints. Make noise.

• U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR): Primary federal enforcement authority for HIPAA violations. A medical provider breach of this scale falls squarely within their mandate. File at hhs.gov/ocr.
• Federal Trade Commission (FTC): Has authority over deceptive data security practices by businesses. If WellNow represented that it safeguarded patient data and failed to do so, this is an FTC matter. File at reportfraud.ftc.gov.
• Illinois Attorney General’s Office: The case is filed in Sangamon County, Illinois. Illinois has its own data breach notification law and consumer protection statutes. The Illinois AG has independent enforcement authority regardless of this settlement.
• Consumer Financial Protection Bureau (CFPB): SSN theft that leads to financial fraud falls within CFPB jurisdiction. If you experience fraudulent accounts or credit activity traceable to this breach, file a complaint at consumerfinance.gov.

Grassroots and Mutual Aid Actions

• Freeze your credit at all three bureaus now. Equifax, Experian, and TransUnion all offer free credit freezes. For SSN class members especially, this is the single most effective action you can take to prevent new fraudulent accounts being opened in your name. It costs nothing and can be done online in minutes.
• Share this article and the claims deadline with anyone who may have used WellNow or Physicians Immediate Care. The notification system depends on current addresses and active emails. Many of the 597,001 affected people will never receive notice. Word of mouth through communities, neighborhood social media groups, and mutual aid networks is the only way to reach them before July 11, 2025.
• If the $7.37 feels insulting, say so on the record. Written objections filed before July 11 at Sangamon County Circuit Court become part of the public record. A large volume of objections arguing the settlement amount is inadequate creates a paper trail that press, regulators, and future litigants can use.
• Connect with local legal aid organizations in Illinois if you cannot afford an attorney but want to file an objection. Many legal aid clinics handle consumer protection matters and can help you prepare a compliant written objection at no cost.