Alabama Cardiovascular Group, operating as Alabama Cardiology Group P.C., has agreed to pay $2.25 million to settle a class action lawsuit over a data breach that exposed patient and employee personal information. The breach occurred between June 6, 2024, and July 2, 2024, when unauthorized individuals gained access to sensitive data files. This settlement represents one of the larger healthcare data breach settlements in recent years, providing compensation to affected patients through direct payments, credit monitoring services, and other protections. Class members affected by this breach can file claims for documented, unreimbursed costs resulting from the unauthorized access to their personal information, with individual compensation capped at $5,000 per person. The settlement also includes two years of complimentary credit monitoring services for all class members. The case, styled as Tammy Brown, et al., v.
Alabama Cardiology Group P.C. d/b/a Alabama Cardiovascular Group, was filed in the Circuit Court of Jefferson County, Alabama (Case No. 01-CV-2024-903135). For those affected, understanding the settlement process, claim deadlines, and compensation options is critical. The claim submission deadline is March 6, 2026, and class members must take action to receive compensation. This timeline is shorter than many settlements, making prompt attention essential for eligible individuals.
Table of Contents
- What Data Was Exposed in the Alabama Cardiology Breach?
- Settlement Terms and Available Compensation Explained
- Credit Monitoring and Identity Protection Services
- How to File a Claim and Meet Deadlines
- Important Exclusion and Opt-Out Deadlines
- Credit Monitoring Enrollment and Claims Administration
- The Broader Context of Healthcare Data Breach Settlements
- Conclusion
- Frequently Asked Questions
What Data Was Exposed in the Alabama Cardiology Breach?
The June-July 2024 data breach compromised patient and employee personal data files maintained by Alabama Cardiovascular Group. The specific categories of information exposed have not been fully detailed in public filings, but healthcare data breaches of this nature typically include names, dates of birth, social security numbers, medical record numbers, insurance information, and financial account details. The scope of the breach appears substantial enough to trigger the settlement of this magnitude.
The notification process for affected individuals began after July 2, 2024, when the breach was discovered. Unlike some healthcare data breaches that remain undetected for months or years, this breach was identified relatively quickly. However, the month-long window during which unauthorized access occurred means that any individual who received care or conducted business with Alabama Cardiovascular Group during that period may have been affected. The limitation here is that breach notification letters don’t always specify exactly which data categories were compromised for each individual patient.
Settlement Terms and Available Compensation Explained
The $2.25 million settlement fund is divided among three primary compensation mechanisms: individual claim payments, credit monitoring services, and claims administration costs. class members can claim up to $5,000 for documented, unreimbursed expenses directly caused by the breach. These covered expenses typically include costs for credit monitoring services purchased before the settlement (at least some of which the settlement now covers), identity theft recovery services, time spent monitoring accounts and resolving fraudulent charges, and out-of-pocket losses from identity theft or fraud. Filing a claim requires documentation of your losses.
You’ll need to provide receipts, invoices, or proof of payment for the expenses you’re claiming. The submission process is straightforward but administrative in nature—you must complete a claim form available on the official settlement website (alabamacardiodatasettlement.com) and mail or submit it by the March 6, 2026 deadline. A significant limitation is that many people don’t have receipts for every expense, and the settlement requires documentation to support claims. If you cannot locate all receipts, it may be worth claiming what you can document rather than claiming nothing.
Credit Monitoring and Identity Protection Services
All class members automatically receive two years of complimentary credit monitoring services as part of the settlement, whether or not they file an individual claim. This is a valuable benefit even if you don’t submit a claim for unreimbursed expenses. Credit monitoring typically includes daily credit report monitoring, credit score tracking, fraud alerts, and identity theft insurance. These services help detect unauthorized accounts opened in your name or suspicious account activity.
The credit monitoring benefit addresses one of the primary risks following a data breach: identity theft and fraudulent account creation. Because your personal information, including potentially your social security number, was exposed to unauthorized parties, the ongoing risk of fraud extends beyond the initial breach period. The two-year window provides substantial protection, though you may want to consider continuing monitoring after the benefit expires. A practical consideration is that you’ll need to enroll in the credit monitoring service—it’s not automatically provided. Instructions for enrollment should be included in breach notification materials, and enrollment instructions are available on the settlement website.
How to File a Claim and Meet Deadlines
The claim filing process requires three key steps: gathering documentation of your losses, completing the claim form, and submitting it before March 6, 2026. The official settlement website, alabamacardiodatasettlement.com, provides the claim form and detailed instructions. You’ll need to submit documentation showing your out-of-pocket expenses—receipts for credit monitoring services, proof of identity theft recovery costs, or documentation of fraud losses. The website also provides a claims administrator’s address for mailing claims and may offer an online submission option.
Meeting the March 6, 2026 deadline is critical because claims submitted after this date will generally not be accepted. Unlike some settlements with claim periods of 12-18 months, this settlement has a relatively compressed timeline from the 2024 breach date. If you were affected and incurred expenses, it’s worth gathering documentation now and submitting your claim several weeks before the deadline to avoid last-minute processing issues. A practical comparison: those who proactively document their expenses immediately after the breach will have an easier time meeting this deadline than those who wait until February 2026 to start searching for receipts.
Important Exclusion and Opt-Out Deadlines
Class members have the option to exclude themselves from the settlement or file what’s called an “opt-out” request. The opt-out deadline is February 4, 2026, which has already passed if you’re reading this after that date. Class members who exclude themselves cannot receive any settlement benefits—compensation, credit monitoring, or claims payments—but they also cannot sue Alabama Cardiovascular Group individually for the same data breach claims covered by the settlement. This is a permanent choice once the deadline passes.
One critical warning: if you’ve already received breach notification materials from Alabama Cardiovascular Group, check whether you inadvertently opted out by failing to respond to settlement documentation. Many class members miss opt-out deadlines simply because they didn’t realize the settlement existed or didn’t understand the deadline’s importance. Once February 4, 2026 passes, opting out is no longer available. The final approval hearing is scheduled for March 20, 2026, at which point the settlement becomes final and binding on all remaining class members who did not timely exclude themselves.
Credit Monitoring Enrollment and Claims Administration
To receive the two-year credit monitoring benefit, you’ll need to actively enroll through the claims administrator. Simply being in the class action does not automatically provide the service—enrollment is required. The claims administrator typically manages both the credit monitoring enrollment and the individual claim payment process. Their contact information, enrollment instructions, and claim forms are available on the settlement website.
If you have questions about your eligibility, the claim process, or enrollment in credit monitoring, the claims administrator’s customer service line is the primary point of contact. The settlement administrator is responsible for determining which claims are valid, calculating individual payments, and distributing funds to approved class members. The process typically takes several months after the final approval date. Approved claims are usually paid by check mailed to the address on file, though some settlements offer digital payment options. A specific example of the timeline: someone who files a claim by March 6, 2026 might expect payment by mid-to-late 2026, several months after claim approval.
The Broader Context of Healthcare Data Breach Settlements
The Alabama Cardiology settlement reflects the ongoing challenge facing healthcare providers regarding data security and patient privacy. Healthcare organizations handle some of the most sensitive personal information—medical histories, genetic data, financial and insurance information, and social security numbers—making them attractive targets for unauthorized access. This settlement amount, while significant, is one of several large healthcare data breach settlements reached in recent years as regulators, plaintiff’s attorneys, and courts recognize the value of patient data and the costs of inadequate security measures.
Going forward, affected patients should remain vigilant about credit monitoring and account security even after the two-year credit monitoring period expires. The personal information exposed in this breach remains valuable to fraudsters, meaning the identity theft risk extends beyond the settlement period. Class members are encouraged to maintain good credit monitoring practices and verify the accuracy of their credit reports long-term.
Conclusion
The $2.25 million settlement for the Alabama Cardiology data breach provides meaningful compensation and protections for affected patients. Class members can claim up to $5,000 for documented unreimbursed expenses, receive two years of credit monitoring, and benefit from the broader protections the settlement establishes. The key to receiving compensation is taking action before the March 6, 2026 claim deadline—gathering documentation of your losses and submitting a completed claim form to the settlement administrator.
If you received a breach notification letter from Alabama Cardiovascular Group, your next steps are straightforward: enroll in the complimentary credit monitoring service and file a claim if you incurred any unreimbursed expenses related to the breach. Visit alabamacardiodatasettlement.com for detailed claim forms, deadlines, and contact information for the claims administrator. Don’t miss the opportunity to recover your losses; the settlement fund exists specifically to compensate class members who were affected by this breach.
Frequently Asked Questions
Can I file a claim if I haven’t yet experienced any fraud or identity theft from this breach?
Yes. You can claim compensation for documented preventive measures you took in response to the breach, such as credit monitoring services you purchased after learning about the breach. You must have receipts or documentation of the expense to submit a claim.
What happens if I don’t file a claim by March 6, 2026?
If you don’t submit a claim by the deadline, you forfeit your right to claim compensation for unreimbursed expenses. However, you will still receive the two years of complimentary credit monitoring service if you enrolled. After the deadline passes, unclaimed settlement funds are typically distributed to remaining approved claimants or donated to a related cause.
How do I enroll in the credit monitoring service?
Instructions for enrollment are available on the official settlement website, alabamacardiodatasettlement.com. You’ll need to contact the claims administrator with your settlement claim or class member information. Credit monitoring enrollment is separate from filing a claim for compensation.
What types of expenses qualify for the $5,000 claim compensation?
Typically covered expenses include credit monitoring services purchased after the breach, identity theft insurance or protection services, costs of mailing documentation or certified letters to creditors, and verified out-of-pocket losses from identity theft or fraud. Medical identity theft recovery costs also typically qualify. You must have documentation of the expense.
Is there a minimum claim amount, or can I claim less than $5,000?
No minimum claim amount exists. You can claim whatever unreimbursed expenses you can document, whether that’s $50, $500, or up to the $5,000 maximum. Even small documented expenses are worth claiming and submitting.
What if I moved and didn’t receive the breach notification letter?
Contact the claims administrator directly through the settlement website if you believe you should be included in the class but didn’t receive notification. They can verify your eligibility and ensure you receive settlement materials and information about enrollment deadlines.