VisionPoint Eye Center based in central Illinois agreed to settle a class action lawsuit associated with a data breach that happened on October 2024 affecting around 67,000 individuals. This eye treatment service provider confirmed that an unauthorized third party acquired access to its system on or about October 3, 2024, and likely stole files with patient information. The breached data likely included names, medical insurance data, medical record number, and health data. The data breach report submitted to the HHS’ Office for Civil Rights indicated that the protected health information (PHI) of 66,924 individuals were affected.
In response to the data breach, VisionPoint Eye Center faced five class action lawsuits, which alleged the company could have avoided the data breach if reasonable and proper security measures had been applied and if it followed HIPAA-certified standard security guidelines. The consolidated lawsuit, Davis, et al. v. VisionPoint Eye Center, was filed in the Illinois Circuit Court of the Eleventh Judicial Circuit, County of McLean.
The allegations mentioned in the consolidated lawsuit included violations of the Illinois Consumer Fraud and Deceptive Business Practices Act, claims of negligence, negligence per se, unjust enrichment, breach of implied contract, and breach of fiduciary duty. VisionPoint Eye Center rejects all claims stated in the lawsuit, liability, and wrongdoing. Because of the potential cost of the lawsuit and the uncertainty of a trial, the parties concerned decided to negotiate the lawsuit. Both class attorney and the class representatives agreed that the settlement terms benefit the class members.
VisionPoint Eye Center will create a $750,000 settlement fund to pay for the attorneys’ fees and expenditure, notification and settlement management expenses, class members’ benefits and service awards for the 13 plaintiffs. Class members could claim single-bureau credit monitoring services for two years, and their choice from two cash benefit options. Each class member can submit a claim to reimburse documented, unreimbursed expenses as a result of the data breach up to $2,500. Another option is for class members to file a claim to get an estimated $45 one-time cash payment. The amount may be lower on a pro rata basis, subject to the number of claims filed.
The last day to opt out of or object to the settlement deal is until February 2, 2026. Claims may be submitted until March 3, 2026. The court has given preliminary approval of the settlement, and the schedule of the final fairness hearing is March 2, 2026.
