Excelsior Orthopaedics Agrees to $2.4M Settlement Following 2024 Data Breach
Excelsior Orthopaedics LLP and Buffalo Surgery Center LLC have reached a $2.4 million settlement in a class action lawsuit stemming from a June 2024 cyberattack that exposed the personal and protected health data of up to 357,000 individuals. The breach, discovered on or around June 24, 2024, allegedly resulted from inadequate security measures, allowing unauthorized access to sensitive files.
Eligible class members current and former patients and employees in the U.S. who received notice of the incident may file claims for compensation. Options include:
- Documented loss payments of up to $5,000 for out-of-pocket expenses (e.g., fraud-related fees, credit monitoring, or identity theft costs).
- Pro rata cash payments for those without documented losses, with amounts determined by the total number of claims.
- Two years of free three-bureau credit monitoring, available via an activation code in settlement notices.
Claims must be submitted by June 11, 2026, with payments issued approximately 90 days after final court approval, expected by July 8, 2026. The settlement fund covers administrative costs, up to $800,000 in attorneys’ fees, service awards for class representatives, and credit monitoring expenses, with remaining funds distributed to claimants.
While Excelsior Orthopaedics and Buffalo Surgery Center deny wrongdoing, the settlement mandates enhanced security protocols. The incident underscores the financial and operational risks of healthcare data breaches.
Source: https://www.claimdepot.com/settlements/excelsior-data-settlement
Excelsior Orthopaedics LLP TPRM report: https://www.rankiteo.com/company/excelsior-orthopaedics
Buffalo Surgery Center LLC TPRM report: https://www.rankiteo.com/company/buffalo-surgery-center-llc
"id": "bufexc1773859100",
"linkid": "buffalo-surgery-center-llc, excelsior-orthopaedics",
"type": "Breach",
"date": "6/2024",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '357,000',
'industry': 'Healthcare',
'location': 'U.S.',
'name': 'Excelsior Orthopaedics LLP',
'type': 'Healthcare Provider'},
{'customers_affected': '357,000',
'industry': 'Healthcare',
'location': 'U.S.',
'name': 'Buffalo Surgery Center LLC',
'type': 'Healthcare Provider'}],
'customer_advisories': 'Settlement notices with compensation options for '
'affected individuals',
'data_breach': {'number_of_records_exposed': '357,000',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personal data',
'Protected health data']},
'date_detected': '2024-06-24',
'description': 'Excelsior Orthopaedics LLP and Buffalo Surgery Center LLC '
'have reached a $2.4 million settlement in a class action '
'lawsuit stemming from a June 2024 cyberattack that exposed '
'the personal and protected health data of up to 357,000 '
'individuals. The breach allegedly resulted from inadequate '
'security measures, allowing unauthorized access to sensitive '
'files.',
'impact': {'data_compromised': 'Personal and protected health data',
'financial_loss': '$2.4 million settlement',
'identity_theft_risk': 'High',
'legal_liabilities': 'Class action lawsuit'},
'lessons_learned': 'The incident underscores the financial and operational '
'risks of healthcare data breaches.',
'post_incident_analysis': {'corrective_actions': 'Enhanced security protocols',
'root_causes': 'Inadequate security measures'},
'recommendations': 'Enhanced security protocols',
'references': [{'source': 'Settlement Notice'}],
'regulatory_compliance': {'legal_actions': 'Class action lawsuit'},
'response': {'communication_strategy': 'Settlement notices to affected '
'individuals',
'remediation_measures': 'Enhanced security protocols'},
'title': 'Excelsior Orthopaedics Data Breach Settlement',
'type': 'Data Breach',
'vulnerability_exploited': 'Inadequate security measures'}