Alabama Cardiovascular Group Up to $5,000 Data Breach Settlement for Impacted Patients

On July 2, 2024 Alabama Cardiovascular Group experienced a data breach that reportedly exposed patients’ personal and medical information, and the resulting class action has led to a settlement offering up to $5,000 per affected person for those who received a breach notice. The settlement portal notes a claims deadline of March 6, 2026 and indicates no proof of loss is required to submit a claim, which can make it easier for many patients to participate; the suit was filed on the theory that the practice failed to adequately safeguard protected health information and mitigate the harm from the exposure. That filing matters because it compensates individuals for identity and medical privacy risks while holding a healthcare provider publicly accountable for cybersecurity lapses. This case fits into a broader pattern: healthcare providers and their vendors are frequent targets of ransomware and data exfiltration, and recent multi-million dollar class actions and regulatory enforcement actions have pushed the industry toward stronger controls. Under federal HIPAA rules and state breach-notification laws, covered entities must protect patient data and promptly notify affected individuals and regulators—failures can trigger both private lawsuits and Office for Civil Rights investigations. Beyond the immediate payouts, settlements like this tend to spur providers to invest more in encryption, third-party risk management, incident response planning, and transparency to restore patient trust.