Industry - Data Breach
Executive Summary
Phoenix-based Cardiovascular Consultants agreed to pay $3.85 million to settle a class action lawsuit following a September 2023 data breach in which attackers accessed systems, encrypted data, and stole patient information including names, addresses, birth dates, Social Security numbers, and driver's license numbers. The practice denied wrongdoing but settled to avoid ongoing litigation costs and risks. The breach affected patients' personal and health information due to what the lawsuit all...
What Happened
In September 2023, Phoenix-based Cardiovascular Consultants experienced a cybersecurity incident in which attackers accessed computer systems, encrypted information, and stole patient data. The compromised information included names, mailing addresses, dates of birth, Social Security numbers, and driver's license or state ID numbers. In March 2026, the practice agreed to pay $3.85 million to settle a class action lawsuit related to the breach, while denying any wrongdoing.
Who Is Affected
Patients of Cardiovascular Consultants whose personal and health information was stored in the practice's systems at the time of the September 2023 breach are affected. The stolen data includes highly sensitive identification information such as Social Security numbers and driver's license numbers, which can be used for identity theft and financial fraud. The settlement provides compensation to class members who experienced these data exposures.
Why It Matters
This breach demonstrates the ongoing vulnerability of healthcare providers to ransomware and data theft attacks that combine encryption with information exfiltration. The $3.85 million settlement reflects the significant financial and legal consequences healthcare organizations face when patient data protection fails. Medical practices hold some of the most sensitive personal information, making them high-value targets and creating substantial privacy risks for patients when security measures prove inadequate.
What You Should Do
If you were a patient of Cardiovascular Consultants, monitor your credit reports and bank statements closely for signs of identity theft or unauthorized activity. Consider placing a fraud alert or credit freeze with the three major credit bureaus (Equifax, Experian, and TransUnion) to prevent new accounts from being opened in your name. If you are eligible for the class action settlement, submit a claim according to the process outlined in the settlement notice. Change passwords for any healthcare portals or accounts associated with the practice.
AI-Assisted
Event summaries are generated by Claude AI from verified sources and reviewed by humans before publication.