Utopia Tech
Healthcare4 min read

Vision Care Providers Settle Data Breach Class Actions

Settlements have been agreed to resolve class action lawsuits against two vision care providers: Total Vision in California and Naper Grove Vision Care in Illinois. Both providers fell victim to hacking incidents that exposed patient data. Total Vision Settlement A settlement has been agreed to resolve class action litigation against Total Vision LLC, which owns and operates a

UT

Utopia Tech

July 16, 2026 · 4 min read

Share

Settlements have been agreed to resolve class action lawsuits against two vision care providers: Total Vision in California and Naper Grove Vision Care in Illinois. Both providers fell victim to hacking incidents that exposed patient data. Total Vision Settlement A settlement has been agreed to resolve class action litigation against Total Vision LLC, which owns and operates a network of optometry centers throughout California.

Total Vision experienced a hacking incident on or around October 30, 2020, in which hackers accessed a database server. The server contained sensitive patient information such as names, addresses, dates of birth, Social Security numbers, and prescription information. The data breach was reported to the HHS’ Office for Civil Rights as affecting 138,402 current and former patients.

Total Vision faced two class action lawsuits over the data breach, which were consolidated into a single complaint – Ramey, et al. v. Total Vision, LLC, et al.

– in the Superior Court of California, County of San Diego , naming Anjanette Ramey and Jane Doe as class representatives. In addition to Total Vision, John C. Pack, O.

D. , and Beverly Bianes, O. D.

, Inc. , and John C. Pack, O.

D. , and Beverly Bianes, O. D.

, were named as defendants. The lawsuit alleged the data breach occurred as a result of the negligence of the defendants, who failed to properly secure the server and protect patient information, then failed to issue adequate breach notices. The plaintiffs allege that they experienced numerous instances of attempted data misuse and identity theft as a result of the security incident.

The lawsuit asserted claims for negligence, breach of implied contract, and violations of California’s unfair competition law, the Confidentiality of Medical Information Act, and California security notification laws, all of which were denied by the defendants, along with the allegations of wrongdoing and liability. During mediation on November 21, 2023, the terms of a settlement were agreed by all parties, and the settlement has now been finalized and has received preliminary approval from the court.

The defendants have agreed to establish a $475,000 settlement fund, from which attorneys’ fees and expenses, settlement administration and notification costs, and service awards for the class representatives will be deducted. The remaining funds will be used to pay for class member benefits. Claims may be submitted for reimbursement of documented, unreimbursed losses due to the data breach up to a maximum of $1,000 per class member, and/or a claim may be submitted for a pro rata cash payment, the value of which will depend on the number of valid claims received.

The defendants have also agreed to implement improved data security measures, valued at $224,000. The exclusion/objection deadline is September 4, 2026. Claims must be submitted by October 5, 2026, and the final fairness hearing has been scheduled for December 18, 2026.

Naper Grove Vision Care Settlement Naper Grove Vision Care in Naperville, Illinois, has settled class action litigation stemming from a May 2025 security incident that involved unauthorized access to the protected health information of 20,093 individuals . On May 24, 2025, Naper Grove Vision Care identified unauthorized network access. The Interlock ransomware group claimed responsibility for the attack and obtained patient information such as names, addresses, birth dates, driver’s license numbers, patient numbers, health insurance information, explanation of benefits documents, and medical condition and treatment information.

Some Social Security numbers were also among the accessed data. Multiple class action lawsuits were filed in response to the data breach, which were consolidated – In re Naper Grove Data Breach Litigation – in the Circuit Court of the Eighteenth Judicial Circuit, Dupage County, Illinois. The consolidated lawsuit names Ashley Fett and Paul Mifsud as class representatives.

The lawsuit alleged that the data breach occurred due to the failure to implement reasonable and appropriate cybersecurity measures, and asserted claims for negligence, negligence per se , breach of implied contract, unjust enrichment, and violations of the Illinois Consumer Fraud and Deceptive Business Practices Act. All claims and contentions continue to be denied by Naper Grove Vision Care.

All parties have agreed to settle the litigation, with no admission of fault, liability, or wrongdoing. The defendant will cover the cost of attorneys’ fees and expenses, settlement administration and notification costs, and service awards for the class representatives. Claims may be submitted for reimbursement of documented, unreimbursed out-of-pocket losses due to the data breach up to a maximum of $1,000 per class member.

If a claim for reimbursement of losses is not submitted, class members may submit a claim for an alternative cash payment. The cash payments will be paid pro rata from a $50,000 settlement fund. Regardless of which option is chosen, class members qualify for a one-year membership to a credit and medical data monitoring service.

The deadline for objection/exclusion is September 18, 2026. Claims must be submitted by September 18, 2026, and the final approval hearing has been scheduled for October 20, 2026. The post Vision Care Providers Settle Data Breach Class Actions appeared first on The HIPAA Journal .

Originally published at hipaajournal.com

Share
▸ Want a deeper look?

Talk to an architect about applying this to your stack.

60-minute technical evaluation, no obligation. We'll map the ideas in this article to your environment.

Skip to main contentVision Care Providers Settle Data Breach Class Actions · Utopia Tech