FMC Services’ $2,150,000 Data Breach Litigation Settlement

FMC Services, LLC, doing business as Family Medicine Centers in Texas, has agreed to a $2,150,000 settlement to resolve litigation connected to a July 2022 data breach involving protected health information (PHI) and personally identifiable information (PII) of 233,948 individuals.

Data Breach Identification and Scope

On or around July 26, 2022, a data security incident was identified affecting network systems used by HIPAA-covered entity Family Medicine Centers. Unauthorized individuals accessed systems containing PII and PHI, including names, birth dates, mailing addresses, Social Security numbers, and medical information.

The incident report submitted to the U.S. Department of Health and Human Services Office for Civil Rights stated that the PHI of 233,948 individuals was affected. In compliance with HIPAA Breach Notification laws, notification letters were sent to 266,540 individuals following the incident.

Litigation Background

Multiple lawsuits were filed in connection with the incident and were consolidated into a single complaint titled Sharber, et al. v. FMC Services, LLC in the District Court of Potter County, Texas. The combined complaint alleged that the defendant maintained inadequate data security measures that contributed to unauthorized access and the acquisition of sensitive information.

The claims asserted in the litigation included breach of implied contract, unjust enrichment, negligence, negligence per se, and breach of fiduciary duty. The plaintiffs also sought declaratory relief, statutory damages, monetary damages, equitable relief, injunctive relief, and punitive damages.

Settlement Development Process

FMC Services, LLC denied and continues to deny all allegations of wrongdoing, fault, and liability raised in the lawsuit. In mid-2024, the parties entered discussions regarding settlement to resolve the litigation. A mediation session was held but did not result in an agreement.

Further litigation activity continued, including discovery and a defendant’s Motion for Summary Judgment that did not succeed. A second mediation session later resulted in agreement on material settlement terms.

The settlement terms have since been finalized and received preliminary approval from the court. A final fairness hearing has been scheduled for September 15, 2026.

Settlement Terms and Claim Process

The settlement establishes a fund of $2,150,000. The fund will be used to provide payments to class members after deductions for attorneys’ fees and expenses, settlement management and notification expenses, and four class representatives’ service awards.

Class members may submit reimbursement claims for documented, unreimbursed losses related to the data breach, up to $5,000 per individual. Class members who fail to file reimbursement claims may instead opt for an alternative cash payment, which is estimated at around $75 per class member, with final amounts depending on the funds remaining after other allocated costs are paid.

In addition to monetary payments, class members are provided access to a two-year membership in a medical data monitoring service.

Deadlines associated with the settlement include August 17, 2026 for objections or requests for exclusion and August 31, 2026 for claim submissions.

About the Author

Elizabeth Hernandez
Elizabeth Hernandez is the editor of HIPAA News. Elizabeth is an experienced journalist who has worked in the healthcare sector for several years. Her expertise is not limited to general healthcare reporting but extends to specialized areas of healthcare compliance and HIPAA compliance. Elizabeth's knowledge in these areas has made her a reliable source for information on the complexities of healthcare regulations. Elizabeth's contribution to the field extends to helping readers understand the importance of patient privacy and secure handling of health information. Elizabeth holds a postgraduate degree in journalism. You can follow Elizabeth on Twitter at https://twitter.com/ElizabethHzone