Dakota Eye Institute Settles Class Action Data Breach Lawsuit for $1 Million
Dakota Eye Institute, a multi-specialty group of board-certified ophthalmologists and optometrists based in Bismarck, North Dakota, has agreed to pay $1,000,000 to settle a consolidated class action lawsuit over an October 2023 data breach that affected 107,143 patients. Dakota Eye Institute said it detected a network intrusion in October 2023 and confirmed that sensitive patient data had been exfiltrated from its network. Data compromised in the incident included full names, date of birth, health insurance information, medical information, and Social Security numbers.
Several class action lawsuits were filed in response to the data breach, which were consolidated in the District Court County of Burleigh South Central Judicial District, South Dakota, into a single complaint – In re Dakota Eye Institute Data Security Litigation – as the lawsuit had overlapping claims. The plaintiffs alleged that they suffered ascertainable losses and harm as a result of the data breach, including invasion of privacy, the loss of the benefit of the bargain, lost time, out-of-pocket expenses, emotional distress, and an imminent risk of harm from their sensitive data being in the hands of cybercriminals. The lawsuit asserted claims including negligence, unjust enrichment, breach of implied contract, and violations of the North Dakota Century Code.
Dakota Eye Institute denies all claims and contentions in the lawsuit, and denies wrongdoing and liability; however, after considering the risk and expenses of prolonged litigation, the decision was taken to settle the lawsuit. Class counsel and the class representatives believe that the settlement is in the best interests of the class members and that the negotiated settlement is fair.
Under the terms of the settlement, Dakota Eye Institute has agreed to pay $1,000,000 to settle the lawsuit, inclusive of attorneys’ fees and expenses, settlement administration and notification costs, service awards for the class representatives, and benefits for the class members.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
All class members are entitled to two years of single-bureau credit monitoring services, which include a $1,000,000 identity theft insurance policy. In lieu of this benefit, class members may instead claim a $45 cash payment. In addition, a claim may be submitted for up to $1,000 as reimbursement of documented, unreimbursed ordinary out-of-pocket losses due to the data breach. A claim may also be submitted for reimbursement of documented, unreimbursed extraordinary losses (e.g., identity theft and fraud) up to $5,000 per class member. These claims are subject to a pro rata decrease if the cap of $1,000,000 is exceeded. If any funds remain in the settlement fund, they will be distributed cy pres to court-approved charitable organizations.
The deadline for objection to and exclusion from the settlement has passed. Claims must be submitted by January 12, 2026, and the final fairness hearing has been scheduled for January 12, 2026.
