Fresenius Medical Care AG and Cardiovascular Consultants: Arizona cardiology practice paying $3.85M to resolve lawsuit after data breach

Cardiovascular Consultants Settles $3.85M Lawsuit Over 2023 Data Breach

Cardiovascular Consultants, a Phoenix-based cardiology practice, has agreed to a $3.85 million settlement to resolve a class action lawsuit stemming from a September 2023 data breach. The funds will cover litigation costs and compensate affected patients.

The breach exposed sensitive data of approximately 500,000 patients, including names, mailing addresses, dates of birth, emergency contact details, and Social Security numbers. Additionally, the personal information of around 200 employees may have been compromised. At the time of the incident, the practice was a subsidiary of Fresenius Medical Care AG.

In December 2023, affected individuals were notified and offered two years of complimentary identity monitoring. The settlement marks the latest resolution in the fallout from the cyberattack.

Source: https://cardiovascularbusiness.com/topics/healthcare-management/healthcare-economics/arizona-cardiology-practice-paying-385m-resolve-lawsuit-after-data-breach

Cardiovascular Consultants Medical Group cybersecurity rating report: https://www.rankiteo.com/company/cardiovascular-consultants-medical-group

Fresenius Medical Care cybersecurity rating report: https://www.rankiteo.com/company/freseniusmedicalcare

"id": "CARFRE1775507258",
"linkid": "cardiovascular-consultants-medical-group, freseniusmedicalcare",
"type": "Breach",
"date": "9/2023",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': '500,000 patients and 200 '
                                              'employees',
                        'industry': 'Healthcare',
                        'location': 'Phoenix, Arizona, USA',
                        'name': 'Cardiovascular Consultants',
                        'type': 'Healthcare Provider'}],
 'customer_advisories': 'Two years of complimentary identity monitoring '
                        'offered to affected individuals',
 'data_breach': {'number_of_records_exposed': '500,000 patients and 200 '
                                              'employees',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Names',
                                              'Mailing addresses',
                                              'Dates of birth',
                                              'Emergency contact details',
                                              'Social Security numbers']},
 'date_detected': '2023-09',
 'date_publicly_disclosed': '2023-12',
 'description': 'Cardiovascular Consultants, a Phoenix-based cardiology '
                'practice, has agreed to a $3.85 million settlement to resolve '
                'a class action lawsuit stemming from a September 2023 data '
                'breach. The breach exposed sensitive data of approximately '
                '500,000 patients and personal information of around 200 '
                'employees.',
 'impact': {'data_compromised': 'Sensitive patient and employee data',
            'financial_loss': '$3.85 million',
            'identity_theft_risk': 'High',
            'legal_liabilities': 'Class action lawsuit'},
 'investigation_status': 'Settled',
 'references': [{'source': 'Cyber Incident Description'}],
 'regulatory_compliance': {'legal_actions': 'Class action lawsuit'},
 'response': {'communication_strategy': 'Notification to affected individuals '
                                        'in December 2023'},
 'title': 'Cardiovascular Consultants Data Breach Settlement',
 'type': 'Data Breach'}