Alabama Cardiology Group Reaches $2.2M Settlement Over 2024 Data Breach
Alabama Cardiology Group P.C. (d/b/a Alabama Cardiovascular Group) has agreed to a $2.225 million settlement to resolve a class action lawsuit stemming from a July 2, 2024, data breach that exposed sensitive personal and health information. The breach potentially compromised the data of U.S. residents who received a written notice from the organization regarding the incident.
Eligible class members—individuals whose personally identifiable information (PII) or protected health information (PHI) was affected—may claim benefits under the settlement. These include:
- Expense reimbursement of up to $5,000 for documented, unreimbursed out-of-pocket losses directly tied to the breach (e.g., credit monitoring fees, late charges, or professional services).
- Pro rata cash payments as an alternative to reimbursement, with amounts determined by the number of valid claims.
- Two years of credit monitoring via CyEx Medical Shield Complete, including one-bureau monitoring and $1 million in identity theft insurance.
Claims must be submitted by March 6, 2026, either online or via mail/email to the settlement administrator. Documentation is required for expense reimbursement, while cash payments and credit monitoring only require an attestation of eligibility. Payouts will be distributed after final court approval, expected by March 20, 2026, and may be reduced pro rata if claims exceed available funds.
The lawsuit alleged the group failed to adequately safeguard patient and employee data, leading to unauthorized access. Alabama Cardiology Group denies wrongdoing but settled to avoid prolonged litigation. The $2.225 million fund covers settlement costs, attorneys’ fees (up to $741,659.25), credit monitoring, and payments to class members.
Source: https://www.claimdepot.com/settlements/alabama-cardio-data-settlement
Alabama Cardiovascular Group cybersecurity rating report: https://www.rankiteo.com/company/alabama-cardiovascular-group-pc
"id": "ALA1766167382",
"linkid": "alabama-cardiovascular-group-pc",
"type": "Breach",
"date": "7/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Individuals residing in the '
'United States whose personally '
'identifiable information or '
'protected health information '
'was potentially compromised',
'industry': 'Healthcare',
'location': 'Alabama, USA',
'name': 'Alabama Cardiology Group P.C. d/b/a Alabama '
'Cardiovascular Group',
'type': 'Healthcare Provider'}],
'customer_advisories': 'Written notice to affected individuals regarding the '
'data breach and settlement details',
'data_breach': {'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally identifiable '
'information',
'Protected health information']},
'date_detected': '2024-07-02',
'description': 'Alabama Cardiology Group P.C. d/b/a Alabama Cardiovascular '
'Group agreed to pay $2,225,000 to resolve a class action '
'lawsuit alleging it failed to adequately protect patient and '
'employee data, resulting in unauthorized access to sensitive '
'personal and health information.',
'impact': {'data_compromised': 'Personally identifiable information and '
'protected health information',
'financial_loss': '$2,225,000',
'identity_theft_risk': 'High',
'legal_liabilities': 'Class action lawsuit settlement'},
'post_incident_analysis': {'root_causes': 'Failure to adequately protect '
'personal and health information'},
'references': [{'source': 'Class action settlement notice'}],
'regulatory_compliance': {'legal_actions': 'Class action lawsuit'},
'response': {'communication_strategy': 'Written notice to affected '
'individuals'},
'title': 'Alabama Cardiology Group $2.2M Data Breach Settlement',
'type': 'Data Breach'}