$1M Community First Medical Center Settlement Ends Data Breach Lawsuit—How 216,000 Patients Can Claim Compensation

Community First Medical Center reached a $1 million settlement to compensate approximately 216,000 patients affected by a July 2023 data breach that exposed sensitive personal and health information including names, Social Security numbers, Medicare numbers, and medical records. Eligible patients can file claims to receive either up to $5,000 in reimbursement for documented losses or an estimated $40 cash payment, plus one year of free credit and medical monitoring services.

The settlement received preliminary court approval on December 3, 2025, with a final fairness hearing scheduled for March 25, 2026. Studies show that 96% of settlement funds go unclaimed because victims don’t file or miss deadlines—don’t let this happen to you.

This Affects You If Your Data Was Breached at Community First Medical Center

If you received medical services at Community First Medical Center and received a breach notification letter, understanding this settlement matters because you may be entitled to significant compensation for the harm caused by exposing your personal health information. The April 2, 2026 claim deadline is approaching—file now to secure your payment.

Pro Tip: If you received a breach notification letter from Community First Medical Center, your class member ID is printed on it. This ID makes filing your claim faster and simpler. Don’t throw away that letter—you’ll need it to file online. If you lost it, you can still file but may need to provide additional verification.

What the Community First Medical Center Data Breach Settlement Is

The July 2023 Cyberattack

On July 12, 2023, an unauthorized third party accessed Community First Medical Center’s network systems in Chicago, Illinois. The hacker viewed or acquired files containing protected health information of approximately 216,047 patients.

A forensic investigation, launched immediately, determined on July 28, 2023 that the intruder had accessed files containing sensitive patient data, including full names, telephone numbers, email addresses, Social Security numbers, medical record numbers, and Medicare numbers.

The breach violated HIPAA regulations that require healthcare providers to implement reasonable safeguards to protect patient information. HIPAA’s Security Rule mandates that covered entities use administrative, physical, and technical safeguards to ensure the confidentiality and security of protected health information.

The Class Action Lawsuit

Fifteen separate class action lawsuits were filed against Community First Medical Center over the data breach. Because the lawsuits had overlapping claims, they were consolidated into a single action—Pacheco, et al. v. Community First Healthcare of Illinois, Inc. d/b/a Community First Medical Center—in the Circuit Court of Cook County, Illinois.

The lawsuits alleged negligence, negligence per se, breach of fiduciary duty, breach of contract, breach of implied contract, unjust enrichment, and violations of the Illinois Consumer Fraud and Deceptive Business Practices Act. Plaintiffs claimed Community First Medical Center failed to implement reasonable and appropriate cybersecurity measures to protect their data.

Community First Medical Center denies all claims of liability and wrongdoing. However, after considering the costs, time, burden, and distraction of continuing litigation and the risks associated with trial, the medical center agreed to settle.

Who Is Eligible for the Settlement

You’re eligible if you received a notice from Community First Medical Center informing you that a data incident occurring on or about July 12, 2023 may have compromised your personal or health information.

The settlement covers approximately 216,047 people nationwide whose protected health information was potentially exposed in the breach. You may be eligible even if you didn’t experience actual identity theft or financial loss—the increased risk of identity theft itself is compensable.

You don’t need proof of harm to participate, just proof that you received the breach notification letter or that your information was included in the breach.

How Much Compensation You Can Receive

Option 1: Reimbursement for Out-of-Pocket Losses (Up to $5,000)

Settlement class members who file timely, valid claims can receive up to $5,000 in reimbursement for documented, out-of-pocket losses incurred after and in response to the data breach.

Claimable losses include credit monitoring costs, credit report costs, bank fees, losses from identity theft and fraud, internet usage charges if incurred solely as a result of the breach, and other losses reasonably incurred as a result of the data incident.

For out-of-pocket losses, you must provide receipts, bank statements, bills, or other documents showing the expense and its connection to the data breach.

Option 2: Cash Payment (Estimated $40)

Alternatively, if you don’t submit a claim for reimbursement of losses, you may claim a one-time pro-rata cash payment estimated to be approximately $40. No proof is required for this option.

The cash payment amount may increase or decrease based on the number of valid claims received and will exhaust the settlement fund. If fewer people file claims, your payment increases. If more file, it decreases.

You can choose only one monetary benefit—either reimbursement for losses OR the cash payment, but not both.

Free Credit and Medical Monitoring (All Claimants)

All settlement class members who file valid claims also receive one year of identity theft protection services, credit monitoring, and medical monitoring, including identity theft insurance of $1 million with no deductible, access to fraud resolution agents to help resolve identity theft, credit bureau monitoring, dark web monitoring, and health savings account monitoring.

This benefit can be claimed alongside either monetary settlement option.

How to File Your Claim

Filing Online

Visit CFMCSettlement.com and log in with the unique class member ID found in your settlement notice. Complete the claim form online.

For reimbursement of out-of-pocket losses, upload documentation such as receipts, bank statements, or bills showing your expenses and their connection to the breach.

For the alternative cash payment or credit/medical monitoring, certify that you received notice of the data incident and provide your class member ID if available.

Filing by Mail

Download the PDF claim form from CFMCSettlement.com, print it, fill it out completely, and mail it to: Pacheco, et al. v. CFMC, c/o Kroll Settlement Administration, P.O. Box 5324, New York, NY 10150-5324.

Critical Deadlines

Claims must be submitted online or postmarked by mail no later than April 2, 2026. Miss this deadline and you forfeit your right to compensation.

The deadline to object to or exclude yourself from the settlement is March 3, 2026. The final fairness hearing is March 25, 2026 at 10:00 a.m.

What You Must Know About This Settlement

Important Settlement Details

The $1 million settlement fund covers attorneys’ fees and expenses, settlement administration costs, service awards for named plaintiffs, and payments to class members. The amount each patient receives depends on how many valid claims are filed.

The settlement doesn’t require Community First Medical Center to admit wrongdoing. The settlement is binding on all affected patients unless you opt out by the March 3, 2026 deadline.

File your claim as soon as possible to ensure it’s processed before the deadline. Contact the settlement administrator at 833-754-8355 if you have questions about eligibility or the claim process.

Common Mistakes That Cost People Money

Missing the April 2, 2026 claim deadline forfeits your right to compensation.

Not filing a claim at all—some people assume they’ll automatically receive money, but you must file.

Providing incomplete or inaccurate information can result in claim denial.

Not keeping copies of documents you submit means you have no proof of what you filed.

Falling for scam emails or calls—the settlement administrator will never ask for payment to process your claim. Legitimate communications come from Kroll Settlement Administration and reference the case name Pacheco, et al. v. CFMC.

Not understanding what the settlement covers—it covers the data breach only, not medical malpractice or treatment issues.

What to Do Next

Immediate Steps to Claim Your Settlement

Verify you’re eligible by checking if you received a breach notification letter. Visit CFMCSettlement.com to find detailed information about eligibility, the claim process, and deadlines.

Gather documentation including your breach notification letter with your class member ID, proof of identity, and receipts or bills for any out-of-pocket expenses related to the breach if claiming reimbursement.

Complete the claim form online or print and mail it before April 2, 2026. Keep copies of everything you submit. Check the website to confirm your claim was received.

Wait for the settlement administrator to review and approve your claim. Once approved and after final court approval, you’ll receive your settlement payment by check or electronic transfer.

Protecting Yourself After a Data Breach

Monitor your credit reports from all three bureaus (Equifax, Experian, TransUnion) regularly for signs of identity theft. Place a fraud alert with the credit bureaus or consider a credit freeze to prevent unauthorized accounts.

Review credit card and bank statements regularly for unauthorized charges. Enroll in the free credit and medical monitoring services provided by the settlement.

Save all documents related to the breach and settlement. Consider reporting the breach to the HHS Office for Civil Rights at hhs.gov/ocr if you believe HIPAA was violated.

Understanding Your Legal Rights

The settlement compensates you for the breach but doesn’t prevent additional legal action if you opt out. If you opt out by March 3, 2026, you may pursue your own lawsuit against Community First Medical Center, but you forfeit settlement compensation.

Most people benefit more from accepting the settlement than opting out and pursuing individual lawsuits. You have rights under HIPAA to access your medical records and request corrections.

You can file complaints with your state attorney general if you believe Community First violated privacy laws. Understanding these rights helps you protect your privacy and hold healthcare providers accountable.

Frequently Asked Questions

What is the Community First Medical Center data breach settlement?

Community First Medical Center agreed to pay $1 million to settle a class action lawsuit over a July 2023 data breach that exposed approximately 216,000 patients’ personal and health information. The settlement provides compensation including cash payments or reimbursement for losses plus free credit monitoring services.

Who is eligible for the settlement?

You’re eligible if you received a notice from Community First Medical Center that the July 12, 2023 data breach potentially compromised your personal or health information. Approximately 216,047 people nationwide are included in the settlement class.

How much money will I receive?

You can receive either up to $5,000 in reimbursement for documented out-of-pocket losses OR an estimated $40 pro-rata cash payment. All claimants also receive one year of free credit and medical monitoring services worth approximately $100-150.

How do I file a claim?

Visit CFMCSettlement.com and file online using your class member ID from your breach notification letter, or download, print, and mail the claim form to the settlement administrator. Claims must be submitted or postmarked by April 2, 2026.

What is the deadline to file a claim?

Claims must be submitted online or postmarked by mail no later than April 2, 2026. The deadline to object to or exclude yourself from the settlement is March 3, 2026. The final fairness hearing is March 25, 2026.

What if I experienced identity theft?

If you experienced actual identity theft or fraud related to the breach, you can claim up to $5,000 in documented losses. File a claim before April 2, 2026 with receipts, bank statements, or other proof of your losses and their connection to the breach.

Can I pursue additional legal action?

If you remain in the settlement class, you give up the right to sue Community First Medical Center separately about this breach. You can opt out by March 3, 2026 to preserve your right to file an individual lawsuit, but you forfeit settlement compensation.

Last Updated: January 14, 2026 — We keep this current with the latest legal developments.

Important Disclaimer: This article provides informational content about the Community First Medical Center $1 million data breach settlement. This is not legal advice. Settlement terms and eligibility requirements are subject to final court approval. For specific legal questions about your situation, consult a qualified attorney. AllAboutLawyer.com does not provide legal services or represent claimants in this settlement.

Take Action: File your claim at CFMCSettlement.com before April 2, 2026. Report identity theft at IdentityTheft.gov. Learn about HIPAA rights at hhs.gov/ocr. For similar cases, see WebTPA Data Breach Settlement and Kaiser Class Action Lawsuit.

Stay informed, stay protected. — AllAboutLawyer.com

About the Author

Sarah Klein, JD

Sarah Klein, JD, is a licensed attorney and legal content strategist with over 12 years of experience across civil, criminal, family, and regulatory law. At All About Lawyer, she covers a wide range of legal topics — from high-profile lawsuits and courtroom stories to state traffic laws and everyday legal questions — all with a focus on accuracy, clarity, and public understanding.
Her writing blends real legal insight with plain-English explanations, helping readers stay informed and legally aware.