General Physician P.C.: General Physician $2.5M Data Breach Class Action Settlement

General Physician P.C. Agrees to $2.5M Settlement Over 2024 Data Breach

General Physician P.C. has reached a $2.5 million class action settlement following a cybersecurity incident that exposed the personal and medical data of an estimated 490,210 individuals. The breach, which occurred between April 6 and June 12, 2024, potentially compromised sensitive information, including names, addresses, Social Security numbers, dates of birth, medical records, and financial account details.

Affected individuals current and former patients who received a breach notification letter may qualify for compensation under the settlement. Eligible class members can choose from three benefit options:

• Up to $5,000 for documented losses (e.g., fraudulent charges, identity theft expenses).
• A pro rata cash payment (estimated at $60 but capped at $599) for those without documented losses.
• Two years of credit and medical monitoring, including real-time alerts and $1 million in medical identity theft insurance.

Claims must be submitted online or postmarked by May 27, 2026, with payments expected approximately 90 days after the court’s final approval on June 4, 2026. The settlement fund also allocates up to $833,333.33 for attorneys’ fees and $3,000 each for class representatives.

The lawsuit alleged General Physician P.C. failed to adequately safeguard patient data, though the company denied wrongdoing and settled to avoid prolonged litigation. The breach was disclosed in October 2024, with affected individuals notified shortly after.

Source: https://www.claimdepot.com/settlements/general-physician-data-incident-settlement

General Physician, PC cybersecurity rating report: https://www.rankiteo.com/company/general-physician-pc

"id": "GEN1772491077",
"linkid": "general-physician-pc",
"type": "Breach",
"date": "4/2024",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': '490,210',
                        'industry': 'Healthcare',
                        'name': 'General Physician P.C.',
                        'type': 'Healthcare Provider'}],
 'customer_advisories': 'Affected individuals notified via breach notification '
                        'letters and offered compensation or credit monitoring '
                        'services.',
 'data_breach': {'number_of_records_exposed': '490,210',
                 'personally_identifiable_information': 'Names, addresses, '
                                                        'Social Security '
                                                        'numbers, dates of '
                                                        'birth',
                 'sensitivity_of_data': 'High (Social Security numbers, '
                                        'medical records, financial details)',
                 'type_of_data_compromised': ['Personal Identifiable '
                                              'Information (PII)',
                                              'Medical Records',
                                              'Financial Account Details']},
 'date_detected': '2024-06-12',
 'date_publicly_disclosed': '2024-10',
 'description': 'General Physician P.C. has reached a $2.5 million class '
                'action settlement following a cybersecurity incident that '
                'exposed the personal and medical data of an estimated 490,210 '
                'individuals. The breach potentially compromised sensitive '
                'information, including names, addresses, Social Security '
                'numbers, dates of birth, medical records, and financial '
                'account details.',
 'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
                                       'failure to safeguard patient data',
            'data_compromised': 'Personal and medical data, including names, '
                                'addresses, Social Security numbers, dates of '
                                'birth, medical records, and financial account '
                                'details',
            'financial_loss': '$2,500,000 (settlement amount)',
            'identity_theft_risk': 'High (exposure of Social Security numbers '
                                   'and financial account details)',
            'legal_liabilities': 'Class action lawsuit settlement',
            'payment_information_risk': 'High (financial account details '
                                        'compromised)'},
 'investigation_status': 'Settled',
 'lessons_learned': 'Failure to adequately safeguard patient data can lead to '
                    'significant financial and reputational consequences.',
 'post_incident_analysis': {'corrective_actions': 'Settlement includes '
                                                  'compensation for affected '
                                                  'individuals and potential '
                                                  'improvements in data '
                                                  'security practices.',
                            'root_causes': 'Inadequate safeguards for patient '
                                           'data'},
 'recommendations': 'Implement stronger data protection measures, regular '
                    'security audits, and employee training to prevent future '
                    'breaches.',
 'references': [{'source': 'Class Action Settlement Notice'}],
 'regulatory_compliance': {'legal_actions': 'Class action lawsuit',
                           'regulations_violated': ['HIPAA (potential)']},
 'response': {'communication_strategy': 'Breach notification letters sent to '
                                        'affected individuals'},
 'title': 'General Physician P.C. Data Breach Settlement',
 'type': 'Data Breach'}