FMC Services Agrees to $2.15M Settlement to End Data Breach Lawsuit
FMC Services LLC, the operator of a network of primary care clinics in Amarillo and Canyon, Texas, experienced a cyberattack and data breach in 2022. The class action lawsuit that followed has recently been settled for $2.15 million.
The cyberattack was detected on July 26, 2022, and the forensic investigation confirmed that files had been exposed containing names, addresses, dates of birth, Social Security numbers, and health information. The FMC Services data breach was reported to the HHS’ Office for Civil Rights as involving the protected health information of 233,948 individuals. Notification letters were mailed to 266,540 individuals.
Four individuals filed class action lawsuits in response to the exposure of their personal and protected health information. The lawsuits made similar claims and were consolidated into a single action – Sharber, et al. v. FMC Services, LLC – in the District Court of Potter County, Texas. The consolidated lawsuit claimed that FMC Services had a duty to maintain reasonable and appropriate cybersecurity measures and breached that duty, resulting in the cyberattack and data breach. The lawsuit asserted claims for negligence, negligence per se, breach of fiduciary duty, breach of implied contract, and unjust enrichment.
FMC Services denies any wrongdoing; however, it began discussing a potential settlement in mid-2024, but the terms of a settlement could not be agreed upon during mediation. Following extensive discovery and litigation, and after the plaintiffs defeated the defendant’s motion for summary judgment, a second attempt at mediation resulted in the material terms of a settlement being agreed upon.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
The settlement has now been finalized and has received preliminary approval from the court. Under the terms of the settlement, FMC Services will establish a $2,150,000 settlement fund to cover benefits to the settlement class members, attorneys’ fees and expenses, settlement administration and notification costs, and service awards for the four class representatives.
Class members may submit a claim for reimbursement of documented, unreimbursed losses due to the data breach up to a maximum of $5,000 per class member. There is an alternative cash payment for class members who elect not to submit a reimbursement claim. The alternative cash payment is estimated to be $75 per class member, but it will depend on the number of valid claims.
All class members are also entitled to claim two years of medical data monitoring services, regardless of the cash payment they claim. The deadline for objection and exclusion is August 17, 2026, and claims must be submitted by August 31, 2026. The final fairness hearing has been scheduled for September 15, 2026.
