25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Eye Physicians of Central Florida Data Breach Settlement

Posted By on Apr 1, 2026

Eye Physicians of Central Florida has agreed to settle a class action lawsuit stemming from a 2023 data breach that affected more than 31,000 patients. Eye Physicians of Central Florida identified suspicious activity within its computer network on November 5, 2023, and confirmed access by an unauthorized third party. The data breach affected 31,189 patients, according to the breach notice submitted to the HHS’ Office for Civil Rights (OCR).

The hackers gained access to systems containing names, addresses, dates of birth, medical diagnosis and treatment information, provider names, patient ID numbers, procedure codes, dates of service, treatment cost information, financial account information, state ID, health insurance information, and/or prescription information.

A class action lawsuit – Connell v. Eye Physicians of Central Florida, P.L.C. – was filed in the Circuit Court for Orange County, Florida, by plaintiff Alisa Connell individually and on behalf of similarly situated individuals who had data exposed in the incident. Eye Physicians of Central Florida sought to have the lawsuit dismissed, and was partially successful, although the lawsuit was allowed to proceed, and the plaintiff filed an amended complaint asserting claims for negligence and breach of fiduciary duty.

The lawsuit was actively litigated for 18 months, then all parties engaged in private mediation, resulting in a settlement that was agreeable to all parties. Eye Physicians of Central Florida maintains there was no wrongdoing, believes there is no liability, and denies and continues to deny all claims and allegations in the lawsuit.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

The settlement provides multiple benefits for the class members. Class members are entitled to claim two years of credit monitoring and identity theft protection services, which include a $1 million identity theft insurance policy. In addition, a claim may be submitted for reimbursement of documented, unreimbursed losses due to the data breach and attested lost time of up to three hours at $25 per hour. Claims for reimbursement of losses are capped at $2,000 per class member for ordinary losses and $7,500 for extraordinary losses. There is no alternative cash payment.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist