A federal judge approved the settlement of a combined class action lawsuit for $1 million that was filed against Community First Medical Center, doing business as Community First Medical Center. The Chicago, IL, medical center encountered unauthorized third-party access to its network on July 12, 2023, resulting in a data breach. Files that contain the protected health information (PHI) of roughly 216,000 patients, which include names, contact details, Medicare numbers, and Social Security numbers, had been viewed and stolen. Such a data breach could be subject to HIPAA violation penalties.
Community First Medical Center faced fifteen class action lawsuits because of the data breach. Since the lawsuits stated identical claims, it was decided to consolidate them into the Pacheco, et al. v. Community First Healthcare of Illinois, Inc. d/b/a Community First Medical Center lawsuit, which is filed in the Circuit Court of Cook County, Illinois. The allegations against Community First Healthcare of Illinois include its failure to use acceptable and proper cybersecurity procedures, causing a data breach, and its use of misleading business practices.
The lawsuit stated the following claims: breach of fiduciary duty, negligence, negligence per se, breach of contract, unjust enrichment, breach of implied contract, and violations of the Illinois Consumer Fraud and Deceptive Business Practices Act. The lawsuit sought declaratory relief, injunctive relief, monetary damages, and other relief as approved in equity or by legislation. Community First Medical Center rejects all claims of wrongdoing and liability. Nevertheless, after taking into consideration the expenses, time, stress, and distraction of ongoing litigation and the risks that come with a trial, the medical center agreed to a settlement of the lawsuit. The plaintiffs and class lawyer agreed that a settlement is the best option and found the negotiated settlement fair.
The terms of the settlement require Community First Medical Center to create a $1,000,000 settlement fund to pay for lawyers’ fees and bills, settlement management expenses, fifteen class representatives’ service awards, and three-bureau credit and medical monitoring services for one year for all class members. Each class member could opt to file a claim for compensation of documented, unreimbursed out-of-pocket expenses associated with the data breach up to $5,000.
Class members can claim losses such as credit monitoring expenses, credit report fees, bank fees, identity theft and fraud losses, and other expenses sustained in response to the data security breach. As an alternative, class members who do not claim for reimbursement of losses can apply for a one-time cash payment, approximated to be $40. The cash payments could be higher or lower depending on the number of legitimate claims filed that will exhaust the settlement fund. March 3, 2026 is the last day to file for objection to and exemption from the settlement. Claims can be filed until April 2, 2026. The final fairness hearing schedule is March 25, 2026.