Industry - Lawsuit
Executive Summary
Cardiovascular Consultants agreed to pay $3.85 million to settle a class action lawsuit over a September 2023 data breach that exposed patients' sensitive health information. Affected individuals can claim up to $5,000 for documented out-of-pocket losses related to the breach, or receive an estimated $75 cash payment without proof, plus two years of free medical monitoring services. The settlement received preliminary court approval in February 2026 and covers all U.S. residents whose persona...
What Happened
Cardiovascular Consultants Ltd., a healthcare practice in Arizona, experienced a data breach discovered in September 2023 that potentially compromised patients' sensitive personal and health information. The company agreed to pay $3.85 million to settle a class action lawsuit filed in February 2026 alleging violations of HIPAA, the Federal Trade Commission Act, and Arizona Consumer Fraud Act for failing to adequately protect patient data stored on its systems. The settlement received preliminary court approval on February 24, 2026.
Who Is Affected
All United States residents whose personal information was potentially compromised in the September 2023 breach are covered by the settlement, specifically those who received official notice of the incident from Cardiovascular Consultants. Affected individuals had their sensitive health information exposed due to inadequate security measures at the healthcare practice.
Why It Matters
This settlement demonstrates that healthcare providers can face significant financial consequences for failing to implement adequate data security protections for patient information under HIPAA and state consumer protection laws. The breach compromised sensitive medical data, which is particularly valuable to identity thieves and can lead to medical fraud, insurance fraud, and long-term privacy harms that extend beyond typical financial data breaches. The settlement amount and benefits reflect the heightened duty of care expected from medical practices handling protected health information.
What You Should Do
If you received a notice about this breach, file a claim form at CVCDataSettlement.com using your class member ID before the deadline to receive an estimated $75 cash payment and eligibility for two years of free Kroll Medical Monitoring services. If you experienced documented out-of-pocket losses from the breach such as identity theft costs, credit monitoring expenses, or fraud-related expenses, gather receipts and proof to claim reimbursement up to $5,000. Monitor your medical records and explanation of benefits statements for any unauthorized medical services or insurance claims filed in your name, and consider placing a fraud alert on your credit reports.
AI-Assisted
Event summaries are generated by Claude AI from verified sources and reviewed by humans before publication.
Sources