Case Overview

Case: Cardiovascular Consultants Data Breach Class Action Settlement

Settlement Amount: $3.85 million

Incident: 2023 data breach involving protected health information

Claim Deadline: TBD — check settlement site for current deadline

Who May Qualify: Patients whose protected health information was exposed in the breach

Cardiovascular Consultants $3.85M Data Breach Settlement: What Affected Patients Should Know

A Phoenix-area cardiology practice has agreed to pay $3.85 million to resolve class action litigation stemming from a 2023 data breach that allegedly exposed the protected health information of patients. Here is what affected individuals should know about the settlement and how they may be able to file a claim.

According to a recent report from the HIPAA Journal, Cardiovascular Consultants — a cardiovascular care provider based in Arizona — reached the multi-million dollar settlement to resolve claims brought by patients whose sensitive medical and personal information was compromised in the breach.

1. Cardiovascular Consultants Data Breach Settlement

Settlement Amount: $3.85 million

Incident Date: 2023

Data Exposed: Protected health information (PHI)

Who May Qualify: Current and former patients of Cardiovascular Consultants whose personal or health information was affected by the breach

A 2023 cyberattack on Cardiovascular Consultants allegedly resulted in unauthorized access to patients' protected health information. The class action lawsuit that followed accused the cardiology group of failing to implement adequate data security measures to safeguard sensitive patient records. The $3.85 million settlement, if approved by the court, would provide compensation to affected patients who submit valid claims.

Healthcare data breaches are particularly significant because the information at risk — which may include diagnoses, treatment records, insurance details, and Social Security numbers — can expose patients to identity theft and fraud for years following an incident. Unlike a compromised credit card, medical records and personal identifiers cannot simply be changed.

How to claim: Affected patients should monitor the official settlement website for claim filing instructions and deadlines. Class members may receive notice of the settlement directly via mail or email.

Key Takeaways

• Medical data breaches carry long-term risk. Exposed protected health information — including diagnoses, insurance data, and Social Security numbers — may be used in identity theft and fraud long after the original breach occurred.
• You may not need to prove direct harm to file a claim. Many healthcare data breach settlements allow class members to submit claims based on their inclusion in the breach, though some tiers of compensation may require documented proof of out-of-pocket losses.
• Watch for your class notice. If you were a patient of Cardiovascular Consultants and your information was involved in the 2023 breach, you may receive a formal settlement notice by mail or email. That notice will include instructions for submitting a claim.
• Court approval is still required. The $3.85 million settlement must receive final approval from the presiding court before any payments are distributed. Individual payout amounts will depend on the number of valid claims submitted and the settlement's compensation structure.
• Deadlines matter. Class action settlement claim windows are strictly enforced. Missing the filing deadline typically means forfeiting any potential compensation from the settlement fund.

This article is based on reporting from the HIPAA Journal. InjuryClaims.com does not provide legal advice. Settlement details, deadlines, and eligibility requirements may change. Individuals seeking guidance on their specific situation should consult a qualified attorney.

Have you been affected by a healthcare data breach or filed a claim in a medical privacy settlement? Share your experience in the comments below.