Cardiovascular Consultants, a New Jersey-based cardiology practice, has agreed to settle a data breach lawsuit for $3.85 million, with claims now open for affected patients nationwide. The company denies any wrongdoing but chose to settle to avoid the costs and uncertainties of ongoing litigation. If you received a notice in the mail or via email indicating that your personal information was compromised in the September 2023 breach, you may be eligible to receive compensation ranging from an estimated $75 base payment to up to $5,000 in reimbursement for documented losses like identity theft or credit monitoring services.
The breach exposed sensitive patient data including Social Security numbers, medical diagnoses, insurance information, and driver’s license numbers from thousands of current and former patients. The settlement also includes two years of complimentary medical monitoring services for class members. With a claim deadline of July 1, 2026, affected patients need to understand their eligibility, what documents to gather, and how to file before time runs out.
Table of Contents
- What Triggered the Cardiovascular Consultants Settlement?
- What Personal Information Was Exposed and Why It Matters?
- How Much Money Will Class Members Receive from the Settlement?
- What Are the Claim Deadlines and How Do You File?
- What Documentation Do You Need and What if You Don’t Have Receipts?
- What Medical Monitoring Benefits Are Included?
- What Does This Settlement Mean for Future Healthcare Data Breach Cases?
- Frequently Asked Questions
What Triggered the Cardiovascular Consultants Settlement?
cardiovascular consultants discovered a cybersecurity incident on September 29, 2023, involving unauthorized access, encryption, and theft of patient data. Rather than litigate the class action lawsuit that followed, the practice agreed to the $3.85 million settlement—a decision common in healthcare breaches where the cost of defense and potential jury awards exceed the settlement value. Healthcare organizations often settle data breach cases within two to three years of discovery, as legal costs can quickly accumulate and settlements provide certainty for both the company and affected patients.
The breach affected current and former patients nationwide, making this a geographically broad class action rather than limited to New Jersey residents. Any person who received treatment at Cardiovascular Consultants or whose data was in their patient systems became a potential class member. The settlement was necessary because the exposed data could enable identity theft, fraudulent medical billing, and other serious harms that extend beyond the initial breach date.
What Personal Information Was Exposed and Why It Matters?
The breach compromised a comprehensive set of personal and medical information: full names, mailing addresses, dates of birth, Social Security numbers, driver’s license and state ID numbers, insurance policy and guarantor information, medical diagnoses and treatment details, billing records, and emergency contact information. This combination is particularly dangerous because it provides criminals with everything needed to open fraudulent accounts, file fake insurance claims, or conduct medical identity theft. Unlike credit card fraud, medical identity theft can damage your health records, affect future treatment, and be extremely difficult to resolve.
The inclusion of both financial identifiers (SSNs, insurance details) and medical records means affected individuals face multiple types of identity theft risk simultaneously. For example, a criminal could use your SSN and medical information to file claims with your insurance company, obtain prescriptions in your name, or seek medical services under your identity—issues that can persist for years even after the initial incident is resolved. This is why the settlement specifically includes two years of medical monitoring rather than just credit monitoring.
How Much Money Will Class Members Receive from the Settlement?
The Cardiovascular Consultants settlement offers compensation through multiple pathways, with a total cap of $5,000 per class member. Class members will receive an estimated baseline payment of $75 each, though this amount may increase or decrease depending on the total number of valid claims filed. This baseline compensation is meant to acknowledge the harm and inconvenience of the breach itself, regardless of whether you experienced documented losses.
Beyond the baseline payment, you can seek up to $5,000 in reimbursement for documented, unreimbursed expenses directly traceable to the breach—such as identity theft losses, credit monitoring subscription fees, credit report freezing or unfreezing costs, and fraud-related expenses. Unlike settlements where only a few large claimants receive compensation, this structure ensures that class members who took steps to protect themselves are reimbursed for those protective measures. However, keep in mind that expenses must be documented with receipts and traced to the breach; speculative or general security spending won’t qualify.
What Are the Claim Deadlines and How Do You File?
The critical deadline is July 1, 2026 at 11:59 p.m. Mountain time—whether you submit your claim online or by postmark. The final approval hearing is scheduled for August 18, 2026, which means the court will decide on any remaining disputes after this date. Delaying your claim beyond July 1 means forfeiting compensation entirely, so marking this date in your calendar now is essential. The settlement administrator will accept claims submitted online through the official settlement website, or by U.S.
Mail if you prefer the traditional method. To file a claim, you’ll need your class member ID, which appears on the settlement notice you received. This ID is critical—without it, you won’t be able to prove your membership in the class action. If you’ve lost the notice, contact the settlement administrator through the official settlement website to request a replacement. Filing is straightforward and can be completed in 15–30 minutes with basic information about your claim and any documented losses you’re seeking reimbursement for.
What Documentation Do You Need and What if You Don’t Have Receipts?
To claim reimbursement for documented losses, you’ll need receipts or proof of payment—credit card statements, bank statements, invoices from credit monitoring services, or receipts from credit freezing/unfreezing fees. The settlement requires that losses be traceable to the breach, meaning you should have documentation showing both the expense and its connection to preventing or responding to potential identity theft. If your credit monitoring service automatically charged your card, a statement showing that charge is sufficient proof.
A common mistake is claiming expenses without documentation. For example, you might claim that you spent time and money dealing with suspicious activity, but without receipts or transaction records, the claim administrator cannot verify the amount. However, identity theft losses that resulted in direct financial harm—such as a fraudulent charge that your bank didn’t reverse—should be supported by fraud dispute letters, bank statements showing the charge, and correspondence with the credit card company. If you caught fraudulent activity early and had it reversed without out-of-pocket loss, you still qualify for the baseline $75 payment.
What Medical Monitoring Benefits Are Included?
Class members receive two years of complimentary medical monitoring services at no cost, with the possibility of reducing to one year if the settlement fund runs low. Medical monitoring means that a third-party service will help you monitor your medical records for unauthorized access, unauthorized charges, or suspicious account activity in your name. This is distinct from credit monitoring, which tracks financial accounts; medical monitoring specifically watches the healthcare system for signs of medical identity theft.
Two years is considered the standard monitoring period for healthcare breaches, reflecting the time frame in which most identity theft activity emerges after a breach. If you prefer credit monitoring instead of medical monitoring, that option is also available. Some class members may already have credit monitoring through their homeowner’s or car insurance, or through their employer, so having a choice between the two services makes the settlement more practical. You don’t need to use both services unless you believe your risk is particularly high; one of them should be sufficient for most people.
What Does This Settlement Mean for Future Healthcare Data Breach Cases?
The Cardiovascular Consultants settlement is one of several healthcare data breach settlements that have closed in recent years, reflecting a growing trend of litigation against healthcare organizations that fail to adequately secure patient data. Class members in other healthcare breaches have received similar or larger settlements, suggesting that $3.85 million is a reasonable—though not exceptional—outcome for a nationwide breach affecting thousands of people.
As healthcare organizations face increasing pressure from regulators, patients, and courts, investment in cybersecurity and rapid breach notification has become a competitive and legal necessity. The settlement also demonstrates that healthcare organizations will often choose to settle rather than dispute breach claims in court, particularly when the exposed data is comprehensive and the potential for identity theft is clear. This means that if you were affected by a healthcare data breach, a settlement claim is often your most viable path to compensation, since proving individual damages in court would be costly and time-consuming.
Frequently Asked Questions
Do I have to prove that I experienced identity theft to receive compensation?
No. Every class member is eligible for the estimated $75 baseline payment simply by being part of the class, regardless of whether you experienced actual identity theft. The baseline is meant to compensate you for the breach itself. However, if you did experience documented losses, you can claim up to $5,000 in reimbursement on top of the baseline payment.
What if I don’t have the original settlement notice with my class member ID?
Contact the settlement administrator through the official settlement website and request a replacement notice. You’ll need to provide some personal information to verify your identity, and they will issue a new notice with your class member ID. Do this as soon as possible to ensure you have time to file before July 1, 2026.
Can I claim expenses that occurred before the breach was discovered (before September 29, 2023)?
No. Reimbursable losses must be traceable to the breach and documented after the breach was discovered. Expenses before September 29, 2023 are not eligible, even if you later realized they were related to the incident. Focus on documented expenses incurred after you received your breach notification letter.
If I’m already getting credit monitoring through my employer or insurance, do I still get the settlement’s monitoring services?
Yes. The settlement offers credit monitoring and medical monitoring as separate benefits. If you already have credit monitoring elsewhere, you can choose to receive medical monitoring instead, which specifically watches for unauthorized activity in healthcare systems using your identity. Both are beneficial and complementary.
What happens if I file my claim late, even by a few days?
The July 1, 2026 deadline is absolute. Claims postmarked or submitted online after 11:59 p.m. Mountain time will be rejected, and you will forfeit all compensation. There are no extensions or exceptions. If you need to mail your claim, do so several days before the deadline to ensure it arrives on time.
Can I increase my baseline payment by claiming expenses I’m not certain about?
No. You can only claim documented, reimbursable expenses that you can prove with receipts or statements. Uncertain or speculative claims will be denied and may flag your entire claim for review. Stick to expenses you can fully document with supporting evidence.
You Might Also Like
- Claim Form Now Available in $3.85 Million Cardiovascular Consultants Data Breach
- How to File a Claim in Krispy Kremes $1.6 Million Data Breach Settlement
- Eye Physicians of Central Florida Data Breach Settlement Now Open for Claims