Henderson & Walton Women’s Center Settles Class Action Data Breach Lawsuit
Henderson & Walton Women’s Center, a Birmingham, AL-based provider of women’s healthcare services, has agreed to settle a class action lawsuit stemming from a 2022 data breach that exposed the personal and protected health information of 34,306 individuals. The forensic investigation confirmed that an unauthorized third party had access to an employee’s email account between February 11, 2022, and February 14, 2022, and potentially obtained information such as names, dates of birth, driver’s license or state ID numbers, and medical and treatment information.
Plaintiff Kim Townsel filed a lawsuit – Townsel v. Henderson & Walton Women’s Center, P.C. – against Henderson & Walton Women’s Center in the Circuit Court for Jefferson County, Alabama, over the data breach, alleging a failure to properly secure and safeguard the sensitive and confidential information of patients through the use of encryption and other cybersecurity measures. The lawsuit alleged that the failure amounted to negligence. In addition to the negligence and negligence per se claims, the lawsuit asserted claims for breach of implied contract, unjust enrichment, and breach of fiduciary duty.
Henderson & Walton Women’s Center maintains that there was no wrongdoing and disagrees with the claims made in the lawsuit; however, it agreed to a settlement to avoid the costs, distractions, and disruptions to its business from continuing with the litigation. The plaintiff and class counsel believe the settlement is fair, and the settlement has received preliminary approval from the court.
Under the terms of the settlement, class members are entitled to claim compensation for ordinary losses incurred as a result of the data breach up to a maximum of $150 per class member, plus compensation for extraordinary losses up to a maximum of $2,500 per class member. Individuals who lost time dealing with the data breach may claim reimbursement of up to three hours of lost time at $30 per hour. Class members are also entitled to enroll in three years of medical and credit monitoring services.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
The deadline for objection and comments on the settlement is June 29, 2026. Individuals wishing to exclude themselves must do so by July 13, 2026. The final fairness hearing has been scheduled for August 12, 2026.
