Industry - Data Breach
Executive Summary
Cardiovascular Consultants agreed to pay $3.85 million to settle a class action lawsuit stemming from a September 2023 cyberattack that exposed patients' Social Security numbers, medical records, addresses, and other sensitive information. Affected individuals who received breach notification can claim up to $5,000 for documented out-of-pocket losses related to the incident, plus two years of medical monitoring services. The cardiology practice denied wrongdoing but settled to avoid ongoing l...
What Happened
In September 2023, Cardiovascular Consultants Ltd., an Arizona-based cardiology practice, suffered a cyberattack in which hackers accessed computer systems, encrypted information, and stole sensitive patient data. The compromised information included names, Social Security numbers, medical records, addresses, dates of birth, driver's license numbers, and health insurance details. The practice discovered the breach in September 2023 and subsequently notified affected patients in late 2023.
Who Is Affected
Thousands of patients who received care from Cardiovascular Consultants Ltd. and resided in the United States at the time of the breach are affected. These individuals had their personal health information and identity documents exposed, creating risks of medical identity theft, insurance fraud, and financial harm. All affected individuals received direct notification from the practice about the compromise of their data.
Why It Matters
The $3.85 million settlement represents one of the larger payouts for healthcare data breaches and demonstrates the financial liability healthcare providers face when cybersecurity protections fail. The incident highlights ongoing vulnerabilities in medical practices' handling of protected health information, particularly for smaller specialty providers that may lack enterprise-level security infrastructure. The settlement provides unusually robust compensation, including up to $5,000 per person for documented losses and two years of medical monitoring services.
What You Should Do
If you received a breach notification from Cardiovascular Consultants in late 2023, file a claim by July 1, 2026 at cvcdatasettlement.com to receive an estimated $75 cash payment and two years of medical monitoring without submitting documentation. If you incurred out-of-pocket expenses related to the breach such as credit monitoring costs, fraud remediation, or credit freezing fees, gather your receipts and claim up to $5,000 in reimbursement. Monitor your medical records and insurance statements for unauthorized services or billing, and consider placing a fraud alert or credit freeze on your accounts given the exposure of Social Security numbers.
AI-Assisted
Event summaries are generated by Claude AI from verified sources and reviewed by humans before publication.