Family Health Center Settles Class Action Data Breach for $850,000

August 10, 2025HIPAA News0

Michigan healthcare provider, Family Health Center, located in three areas in Kalamazoo, has consented to resolve a class action data breach lawsuit associated with a January 25, 2024, cyberattack that compromised the personal data and protected health information (PHI) of around 34,926 patients. The ransomware attack blocked access to selected systems. According to the forensic investigation of the HIPAA-covered entity, the attackers accessed names, addresses, medical insurance data, medical data, and Social Security numbers. The impacted persons received breach notification letters on March 24, 2024.

Family Health Center faced two lawsuits, the Janet Walker v. Family Health Center, Inc., and Donald Vickery, et al. v. Family Health Center, Inc. Both lawsuits were submitted to the Ninth Judicial Circuit in and for Kalamazoo County, Michigan. Because of the similarity of claims in the lawsuits, they were combined on October 16, 2024. The combined lawsuits claimed violations of the Michigan Data Breach Notification Act and the Michigan Consumer Protection Act, breach of implied contract, negligence, negligence per se, unjust enrichment, invasion of privacy, and breach of fiduciary duty.

The parties decided to settle the lawsuit on January 15, 2024, t, without admitting wrongdoing or liability. The parties opted to negotiate to avoid the legal costs, interruptions, stress, expenditures, and interruption to company operations linked to continuing litigation. Based on the terms of the settlement, Family Health Center will create a settlement fund of approximately $850,000 to pay for the following:

  • around $283,305 attorneys’ fees
  • attorneys’ expenditures (not yet decided)
  • settlement administration expenses (approximately $75,000)
  • class representatives’ service awards of $1,500 each
  • class members payments
  • credit monitoring costs (yet to be determined)

Class members could choose to claim any of the following cash payments:

  • Cash Payment A may be claimed as a refund for documented, unreimbursed out-of-pocket expenses incurred due to the data breach up to $5,000 per class member.
  • Cash Payment B may be claimed as a flat amount of $50.00. Besides the cash payments, class members could avail themselves of dark web monitoring, managed identity recovery, and credit monitoring services for two years, including an identity theft insurance plan worth $1 million.

The court has given preliminary approval of the settlement. The schedule of the final fairness hearing is October 17, 2025. Class members who want to object to or opt out of the settlement should do so by September 8, 2025. Claims should be filed on or before October 8, 2025. For more details regarding the settlement, visit fhcdatasettlement.com

About Thomas Brown
Thomas Brown worked as a reporter for several years on ComplianceHome. Thomas is a seasoned journalist with several years experience in the healthcare sector and has contributed to healthcare and information technology news publishers. Thomas has a particular interest in the application of healthcare information technology to better serve the interest of patients, including areas such as data protection and innovations such as telehealth. Follow Thomas on X https://x.com/Thomas7Brown

ComplianceHome is a registered trademark. Copyright © 2025 ComplianceHome. All rights reserved.