$1M Community First Medical Center Data Breach Class Action Settlement, April 2, 2026 Deadline for Up to $5,000
Community First Medical Center agreed to pay $1 million to settle claims over a July 2023 data breach that exposed the personal and health information of approximately 216,000 patients. If you received a data breach notification from Community First Medical Center, you can claim up to $5,000 for documented losses or receive an estimated $40 cash payment by filing before the April 2, 2026 deadline.
What the Community First Medical Center Data Breach Involved
On July 12, 2023, an unauthorized third party accessed Community First Medical Center’s computer network and viewed or acquired files containing protected health information. The Chicago-based medical center discovered the intrusion on July 28, 2023, after launching a forensic investigation. The breach compromised sensitive patient data including full names, contact information, Social Security numbers, medical record numbers, and Medicare numbers.
Community First Healthcare of Illinois, doing business as Community First Medical Center, sent breach notifications to affected patients in September 2023. Fifteen separate class action lawsuits were filed and later consolidated into a single case—Pacheco, et al. v. Community First Healthcare of Illinois, Inc.—in the Circuit Court of Cook County, Illinois. The lawsuits alleged the medical center failed to implement adequate cybersecurity measures to prevent the attack, violating Illinois consumer protection laws and breaching patient trust. Community First denies all wrongdoing but settled to avoid litigation costs and uncertainty.
Who Qualifies to File a Claim
You’re eligible for compensation if your personal information was potentially compromised in the July 2023 Community First Medical Center data breach. The settlement class covers all individuals who received a notification from Community First Medical Center stating the breach may have affected their data. This includes approximately 216,047 patients nationwide whose protected health information was stored on the medical center’s systems when the unauthorized access occurred.
Similar to recent healthcare data breach settlements like the Nelnet data breach class action lawsuit $10M settlement, eligibility doesn’t require proof of identity theft or financial harm—just confirmation that your data was exposed in the breach. If you received the breach notification letter or email from Community First Medical Center, you’re automatically part of the settlement class and can file a claim for benefits.
How Much Compensation You Can Receive
The $1 million settlement fund offers multiple payment options depending on your circumstances and whether you can document losses directly traceable to the data breach.
Out-of-Pocket Loss Reimbursement (Up to $5,000) Class members who suffered financial losses related to the breach can claim reimbursement up to $5,000 with proper documentation. Eligible expenses include fraud losses, bank fees, credit monitoring costs purchased after the breach, professional services like credit repair or identity theft assistance, communication charges, internet usage fees incurred investigating the breach, and other reasonable expenses directly caused by the data incident.
To claim reimbursement, you must provide receipts, bank statements, bills, or other documents showing the expense amount and its connection to the Community First Medical Center data breach. This mirrors the documentation requirements seen in the $4M Numotion data breach class action settlement, where claimants with proof of harm receive substantially higher compensation than those without documentation.
Alternative Cash Payment (Estimated $40) Class members who didn’t suffer documented out-of-pocket losses can receive an alternative cash payment estimated around $40. No proof of expenses is required for this option—you simply certify that you received notice of the data breach and provide your class member ID if available. The actual payment amount will vary based on the number of participating class members and the remaining settlement fund after deductions for administration costs, attorney fees, and documented loss claims.
Credit and Medical Monitoring Services (All Class Members) All settlement class members are eligible for one year of free credit and identity theft monitoring services, regardless of which payment option they choose. These services include three-bureau credit monitoring to detect suspicious activity, $1 million in identity theft insurance coverage, dark web monitoring to alert you if your information appears for sale, and medical record monitoring to detect fraudulent use of your health data.
How to File Your Claim Before the Deadline
The settlement website CFMCSettlement.com provides the official claim portal where you can submit your information electronically. Visit the site and log in using the unique class member ID and PIN found in your settlement notice letter. Complete all required fields including your contact information, confirmation that you received the breach notification, and details about any out-of-pocket losses you’re claiming.
If you prefer to file by mail, download the PDF claim form from CFMCSettlement.com, fill it out completely, and mail it to: CFMC Data Incident Settlement Administrator, Kroll Settlement Administration LLC, P.O. Box 5324, New York, NY 10150-5324. Whether filing online or by mail, your claim must be submitted or postmarked by April 2, 2026.
When completing your claim, have your settlement notice letter nearby for reference numbers. If claiming documented losses, gather all supporting documentation including receipts, invoices, account statements, and correspondence with creditors or identity theft services. Attach clear copies of these documents to your claim form.
What Happens After You File
The settlement administrator Kroll will review all submitted claims for completeness and validity after the April 2, 2026 deadline passes. The court scheduled a final approval hearing for March 25, 2026, to determine whether the settlement receives final court approval. Settlement benefits will only be distributed after the court grants final approval and any appeals have been resolved.
If the court approves the settlement as expected, payments and credit monitoring enrollment codes will be distributed approximately 60 to 90 days after final approval. This timeline aligns with standard data breach settlement payment schedules, similar to what occurred in the AT&T class action lawsuit settlement where payments arrived 60-90 days after final court approval.
You can contact the settlement administrator at 833-754-8355 with questions about your claim status or the settlement process. Keep your confirmation number if you file online, or retain a copy of your mailed claim form for your records.
Common Mistakes That Can Delay Your Payment
Many class members lose settlement benefits due to preventable errors when filing claims. Incomplete documentation tops the list—if you’re claiming out-of-pocket losses but submit incomplete receipts or fail to explain how expenses connect to the data breach, your claim may be denied or reduced. Make sure every expense you list includes a date, amount, description, and clear link to the Community First Medical Center breach.
Missing the April 2, 2026 deadline is another critical mistake. Late claims won’t be processed regardless of circumstances, and there are no extensions. Set calendar reminders now to avoid forfeiting your compensation. The settlement administrator cannot grant deadline extensions even for legitimate reasons.
Providing incorrect contact information can prevent you from receiving your payment or credit monitoring enrollment codes. Double-check that your current mailing address, email, and phone number are accurate on your claim form. If your address changes after filing, notify Kroll immediately at the contact information on CFMCSettlement.com.
Finally, don’t confuse this settlement with other Community First matters or different medical centers. This specific settlement covers only the July 2023 data breach at Community First Medical Center in Chicago, Illinois. If you weren’t a patient there or didn’t receive a breach notification from this facility, you don’t qualify for this particular settlement.
Frequently Asked Questions
What types of personal information were exposed in the Community First Medical Center breach?
The compromised data varied by individual but may have included full names, telephone numbers, email addresses, Social Security numbers, medical record numbers, and Medicare numbers. Check your breach notification letter for specifics about what information was affected in your case.
Do I need to prove I suffered identity theft to receive compensation?
No. You can receive the estimated $40 alternative cash payment without proving any harm or losses. However, to claim the higher reimbursement up to $5,000, you must document out-of-pocket expenses directly related to the breach.
Can I claim both the cash payment and the credit monitoring services?
Yes. The credit and identity theft monitoring services are available to all class members regardless of which payment option you choose. However, you cannot claim both the out-of-pocket loss reimbursement and the alternative cash payment—you must select one.
What if I no longer have receipts for my expenses?
Bank statements, credit card statements, or correspondence from credit monitoring services can serve as documentation. The key is showing the expense amount, date, and connection to the Community First Medical Center breach. Contact the settlement administrator at 833-754-8355 if you have questions about acceptable documentation.
What happens if I do nothing and don’t file a claim?
You won’t receive any settlement benefits including the cash payment or credit monitoring services. However, you’ll still be bound by the settlement agreement and give up your right to sue Community First Medical Center separately over this data breach.
How do I know if I’m part of the settlement class?
If you received a data breach notification letter or email from Community First Medical Center regarding the July 2023 incident, you’re automatically a class member. Contact the settlement administrator at 833-754-8355 if you’re unsure whether you received notification.
When will I receive my payment?
Payments will be distributed approximately 60-90 days after the court grants final approval at the March 25, 2026 hearing, assuming no appeals delay the process. This likely means payments arriving in late May or June 2026.
What to Do Next to Protect Yourself
File your claim before the April 2, 2026 deadline by visiting CFMCSettlement.com or mailing your completed claim form to the address listed above. Gather all documentation of breach-related expenses if you’re claiming out-of-pocket losses, and make copies for your records before submitting.
Enroll in the free credit monitoring services once you receive your enrollment code from Kroll. Even if you haven’t experienced identity theft yet, the exposed Social Security numbers and Medicare numbers create long-term risks. Active monitoring helps you detect fraudulent activity early.
Place a fraud alert with the three major credit bureaus—Experian, Equifax, and TransUnion. A fraud alert requires creditors to verify your identity before opening new accounts in your name. This free service provides an extra layer of protection beyond the settlement’s credit monitoring.
Monitor your medical records and insurance statements for signs of medical identity theft. Fraudsters can use stolen health information to obtain medical services, prescriptions, or insurance coverage in your name. Contact your healthcare providers immediately if you notice unfamiliar charges or services you didn’t receive.
Consider placing a security freeze on your credit if you’re particularly concerned about identity theft risk. Unlike a fraud alert, a credit freeze completely prevents new accounts from being opened in your name until you lift the freeze. This provides maximum protection but requires you to temporarily lift the freeze when you legitimately apply for credit.
Review your state attorney general’s consumer protection resources for additional guidance on identity theft prevention and recovery. Many states offer specialized assistance programs for data breach victims beyond what the settlement provides.
Last Updated: January 23, 2026
Disclaimer: This article provides general information only and does not constitute legal advice.
Affected by the Community First Medical Center data breach? Don’t leave money on the table—file your claim before April 2, 2026.
Stay informed, stay protected. — AllAboutLawyer.com
Meta Description: Community First Medical Center $1M data breach settlement pays up to $5,000. 216K patients affected. April 2, 2026 claim deadline. File at CFMCSettlement.com now.
About the Author
Sarah Klein, JD, is a licensed attorney and legal content strategist with over 12 years of experience across civil, criminal, family, and regulatory law. At All About Lawyer, she covers a wide range of legal topics — from high-profile lawsuits and courtroom stories to state traffic laws and everyday legal questions — all with a focus on accuracy, clarity, and public understanding.
Her writing blends real legal insight with plain-English explanations, helping readers stay informed and legally aware.
Read more about Sarah