Alabama Ophthalmology Associates Data Breach Settlement Gets First Nod
Alabama Ophthalmology Associates, P.C., has settled a class action lawsuit that was filed in response to a January 2025 cyberattack on its computer systems. The intrusion was identified on January 30, 2025, and the forensic investigation confirmed unauthorized access to its network between January 22 and January 30, 2025.
The hackers had access to files containing names, dates of birth, Social Security numbers, medical record numbers, treatment information, medical history information, and health insurance information. The Alabama Ophthalmology data breach affected 131,576 individuals, and notification letters were mailed in April 2025. Multiple class action lawsuits were filed in response to the data breach, which were consolidated as they had overlapping claims – In re Alabama Ophthalmology Associates, P.C., Data Breach Litigation – in the Circuit Court of Jefferson County, Alabama.
The consolidated lawsuit alleged that the defendant failed to implement reasonable and appropriate safeguards to protect sensitive data on its network, resulting in unauthorized access and exposure of patient data, and failed to issue adequate breach notifications. The lawsuit asserted claims for negligence, negligence per se, breach of contract, breach of implied contract, breach of fiduciary duty, breach of confidence, invasion of privacy, fraud, misrepresentation, unjust enrichment, bailment, wantonness, and failure to provide adequate notice pursuant to any breach notification statute or common law duty.
The defendant denies all claims and contentions in the lawsuit and maintains that there was no wrongdoing and that there is no liability. To avoid further legal costs and the uncertainty of a trial, all parties explored early resolution of the lawsuit, and a settlement was ultimately agreed upon that was acceptable to all parties.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Class members are entitled to claim two years of medical data monitoring and identity theft protection services, plus one of two cash payments. A claim may be submitted for documented, unreimbursed losses due to the data breach up to a maximum of $5,000 per class member, or a claim may be submitted for an alternative pro rata cash payment, the value of which will depend on the number of valid claims received. The cash payments are expected to be around $60 per class member. The deadline for objection and exclusion is June 5, 2026. Claims must be submitted by June 25, 2026, and the final fairness hearing has been scheduled for July 6, 2026.
