Pinehurst Radiology Associates and Tallahassee Memorial HealthCare: Pinehurst Radiology Associates & Tallahassee Memorial HealthCare Settle Class Action Data Breach Lawsuits

Pinehurst Radiology and Tallahassee Memorial HealthCare Settle Data Breach Lawsuits

Two healthcare providers have reached settlements in separate class action lawsuits over data security incidents in 2025.

Pinehurst Radiology Associates agreed to settle claims stemming from a January 2025 cybersecurity breach that exposed the protected health information (PHI) of 8,682 individuals. The North Carolina-based medical imaging center detected the incident on January 20, 2025, confirming that sensitive data including names, Social Security numbers, medical records, and insurance details had been compromised. Affected patients were notified in May 2025.

Plaintiffs alleged negligence in failing to implement adequate cybersecurity measures, though Pinehurst Radiology denied wrongdoing. The settlement, preliminarily approved on September 30, 2025, includes 12 months of medical data monitoring with a $1 million identity theft insurance policy for class members. Victims may also claim up to $500 in reimbursement for documented losses incurred between January 20, 2025, and April 9, 2026. The final fairness hearing is set for April 6, 2026, with claims due by April 9, 2026.

Tallahassee Memorial HealthCare settled a lawsuit over its use of website tracking pixels, which allegedly shared patients’ PHI with third parties like Meta and Google without consent. The lawsuit claimed the tools collected user interaction data for marketing purposes, violating privacy laws, including the Florida Security of Communications Act and the Electronic Communications Privacy Act. Tallahassee Memorial denied liability but opted to settle to avoid litigation costs.

Under the agreement, class members can receive a 24-month membership to CyEx Financial Shield Complete and a $17 cash payment. The final fairness hearing is scheduled for March 2, 2026. Both settlements reflect ongoing legal and financial consequences for healthcare organizations following data exposure incidents.

Source: https://www.hipaajournal.com/pinehurst-radiology-tallahassee-memorial-healthcare-settlements/

Pinehurst Radiology Associates TPRM report: https://www.rankiteo.com/company/pinehurst-radiology-assoc

Tallahassee Memorial HealthCare TPRM report: https://www.rankiteo.com/company/tallahasseememorial

"id": "pintal1770906715",
"linkid": "pinehurst-radiology-assoc, tallahasseememorial",
"type": "Breach",
"date": "1/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': '8682',
                        'industry': 'Medical Imaging',
                        'location': 'North Carolina, USA',
                        'name': 'Pinehurst Radiology Associates',
                        'type': 'Healthcare Provider'},
                       {'industry': 'Healthcare',
                        'location': 'Florida, USA',
                        'name': 'Tallahassee Memorial HealthCare',
                        'type': 'Healthcare Provider'}],
 'attack_vector': ['Unknown (Pinehurst)',
                   'Website Tracking Pixels (Tallahassee Memorial)'],
 'customer_advisories': 'Patient notifications (Pinehurst)',
 'data_breach': {'number_of_records_exposed': '8682 (Pinehurst)',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High (PHI)',
                 'type_of_data_compromised': ['Names',
                                              'Social Security Numbers',
                                              'Medical Records',
                                              'Insurance Details']},
 'date_detected': '2025-01-20',
 'date_publicly_disclosed': '2025-05-01',
 'description': 'Two healthcare providers, Pinehurst Radiology Associates and '
                'Tallahassee Memorial HealthCare, have reached settlements in '
                'separate class action lawsuits over data security incidents '
                'in 2025. Pinehurst Radiology suffered a cybersecurity breach '
                'exposing PHI of 8,682 individuals, while Tallahassee Memorial '
                'faced allegations of sharing PHI with third parties via '
                'website tracking pixels.',
 'impact': {'brand_reputation_impact': 'Likely negative',
            'data_compromised': 'Protected Health Information (PHI)',
            'identity_theft_risk': 'High (Pinehurst)',
            'legal_liabilities': 'Class action lawsuits'},
 'investigation_status': 'Settled (Preliminary Approval)',
 'post_incident_analysis': {'corrective_actions': 'Settlement agreements '
                                                  'including identity theft '
                                                  'monitoring and cash '
                                                  'payments',
                            'root_causes': 'Negligence in cybersecurity '
                                           '(Pinehurst), Unauthorized data '
                                           'sharing (Tallahassee Memorial)'},
 'references': [{'source': 'Cyber Incident Description'}],
 'regulatory_compliance': {'legal_actions': 'Class action lawsuits',
                           'regulations_violated': ['Florida Security of '
                                                    'Communications Act '
                                                    '(Tallahassee Memorial)',
                                                    'Electronic Communications '
                                                    'Privacy Act (Tallahassee '
                                                    'Memorial)']},
 'response': {'communication_strategy': 'Patient notifications (Pinehurst)'},
 'title': 'Pinehurst Radiology and Tallahassee Memorial HealthCare Data Breach '
          'Settlements',
 'type': ['Data Breach', 'Privacy Violation']}