VisionPoint Eye Center Reaches $750K Settlement Over 2024 Data Breach Affecting 67,000 Patients
VisionPoint Eye Center, a central Illinois-based ophthalmology and optometry provider, has agreed to a $750,000 settlement to resolve class action litigation stemming from a data breach discovered in October 2024. The incident, which exposed the protected health information of 66,924 individuals, occurred after an unauthorized third party accessed the organization’s network on or around October 3, 2024. Compromised data included names, medical record numbers, health insurance details, and other sensitive medical information.
The breach prompted five class action lawsuits, later consolidated into Davis, et al. v. VisionPoint Eye Center in the Illinois Circuit Court of the Eleventh Judicial Circuit. Plaintiffs alleged negligence, breach of fiduciary duty, and violations of the Illinois Consumer Fraud and Deceptive Business Practices Act, arguing that VisionPoint failed to implement adequate security measures. The healthcare provider denies all claims, citing the settlement as a cost-effective resolution amid litigation risks.
Under the agreement, a $750,000 fund will cover legal fees, administrative costs, and compensation for affected individuals. Class members may claim two years of credit monitoring or opt for one of two cash benefits: reimbursement of documented breach-related losses (up to $2,500 per person) or a one-time payment expected to be $45, subject to pro rata adjustments based on claim volume.
The settlement received preliminary court approval, with deadlines set for February 2, 2026 (opt-out/object) and March 3, 2026 (claim submissions). A final fairness hearing is scheduled for March 2, 2026. The breach was reported to the HHS’ Office for Civil Rights in compliance with federal regulations.
Source: https://www.hipaajournal.com/visionpoint-eye-center-data-breach-settlement/
VisionPoint Eye Center LLC cybersecurity rating report: https://www.rankiteo.com/company/visionpoint-eye-center-llc
"id": "VIS1766750067",
"linkid": "visionpoint-eye-center-llc",
"type": "Breach",
"date": "10/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '66,924 individuals',
'industry': 'Ophthalmology and Optometry',
'location': 'Central Illinois',
'name': 'VisionPoint Eye Center',
'type': 'Healthcare Provider'}],
'customer_advisories': 'Class members may claim credit monitoring services or '
'cash benefits',
'data_breach': {'data_exfiltration': 'Potential',
'number_of_records_exposed': '66,924',
'personally_identifiable_information': 'Names, medical record '
'numbers, health '
'insurance information',
'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Protected Health Information '
'(PHI)'},
'date_detected': '2024-10-03',
'description': 'An unauthorized third party gained access to VisionPoint Eye '
"Center's network and potentially stole files containing "
'patient data, including names, medical record numbers, health '
'insurance information, and medical information.',
'impact': {'data_compromised': 'Names, medical record numbers, health '
'insurance information, medical information',
'financial_loss': '$750,000 settlement fund',
'identity_theft_risk': 'High',
'legal_liabilities': 'Class action litigation',
'systems_affected': 'Network'},
'investigation_status': 'Settlement agreed',
'post_incident_analysis': {'root_causes': 'Inadequate security measures and '
'non-adherence to industry-standard '
'security best practices'},
'references': [{'source': 'HIPAA Journal'}],
'regulatory_compliance': {'legal_actions': 'Class action lawsuit (Davis, et '
'al. v. VisionPoint Eye Center)',
'regulations_violated': 'HIPAA',
'regulatory_notifications': 'Reported to HHS’ '
'Office for Civil '
'Rights'},
'threat_actor': 'Unauthorized third party',
'title': 'VisionPoint Eye Center Data Breach',
'type': 'Data Breach'}