Alabama Ophthalmology Associates, P.C. has agreed to settle a class action lawsuit arising from a January 2025 cyberattack that resulted in unauthorized access to patient data affecting 131,576 individuals.
Incident Timeline and Scope
Alabama Ophthalmology Associates, P.C. suffered a cyberattack on its computer network on January 30, 2025. A forensic investigation confirmed that unauthorized access to the network occurred between January 22 and January 30, 2025.
The compromised files included personal data and protected health information (PHI), such as names, dates of birth, Social Security numbers, medical record numbers, treatment information, medical history information, and health insurance information.
The data breach impacted 131,576 individuals. Notification letters were issued to affected individuals in April 2025.
Litigation and Allegations
After the breach, Alabama Ophthalmology Associates faced multiple class action lawsuits. These lawsuits were consolidated due to overlapping claims and proceeded as In re Alabama Ophthalmology Associates, P.C., Data Breach Litigation in the Circuit Court of Jefferson County, Alabama.
The consolidated complaint alleged that Alabama Ophthalmology Associates, P.C. did not implement reasonable and appropriate safeguards to protect sensitive data stored on its network. The claims also asserted that the organization failed to provide adequate breach notifications.
The legal claims included negligence, negligence per se, breach of contract, breach of implied contract, breach of fiduciary duty, breach of confidence, invasion of privacy, fraud, misrepresentation, unjust enrichment, bailment, wantonness, and failure to provide adequate notice under applicable breach notification requirements.
The defendant denied all allegations and stated that no wrongdoing occurred and that no liability exists.
Settlement Terms
The parties reached a settlement agreement to avoid additional legal expenses and the uncertainty associated with trial proceedings.
Under the settlement, class members are eligible to receive two years of medical data monitoring and identity theft protection services.
Class members may also choose between two forms of financial compensation. A claim for documented, unreimbursed losses may be filedĀ up to a maximum of $5,000 per individual. Alternatively, class members may elect to receive a pro rata cash payment, which is expected to be approximately $60 per individual depending on the number of valid claims submitted.
Deadlines and Court Proceedings
The deadline for class members to object to or exclude themselves from the settlement is June 5, 2026. Claims must be submitted by June 25, 2026. A final fairness hearing has been scheduled for July 6, 2026.