Breach Details and Lawsuit
Alabama Ophthalmology Associates, P.C., has reached a preliminary settlement in a class action lawsuit stemming from a January 2025 cyberattack. The intrusion was discovered on January 30, 2025, after hackers had unauthorized access to the clinic’s network from January 22 to January 30. The breach exposed sensitive patient data including names, Social Security numbers, medical record numbers, treatment histories, and health insurance information. A total of 131,576 individuals were affected, and notification letters were sent in April 2025.
The consolidated lawsuit, filed in the Circuit Court of Jefferson County, Alabama, alleged that the clinic failed to implement reasonable safeguards, resulting in unauthorized data exposure and inadequate breach notifications. The complaint included claims of negligence, breach of fiduciary duty, and invasion of privacy. The clinic denies all allegations and asserts no wrongdoing, but agreed to settle to avoid ongoing legal costs and trial uncertainty.
Settlement Terms and Timeline
Class members are eligible to receive two years of medical data monitoring and identity theft protection services. Additionally, affected individuals can claim documented, unreimbursed losses up to $5,000 per person, or an alternative pro rata cash payment expected to be around $60 per class member. The final amount of the alternative payment will depend on the number of valid claims submitted.
The deadline for objections and exclusions is June 5, 2026. Claims must be submitted by June 25, 2026, with a final fairness hearing scheduled for July 6, 2026. This settlement highlights ongoing risks to healthcare providers from ransomware and data theft attacks targeting personally identifiable information.
Source: Hipaajournal
