Yes, a claim form is now available for the $3.85 million Cardiovascular Consultants data breach settlement. If you received a breach notification letter related to unauthorized access at Cardiovascular Consultants Ltd. in September 2023, you’re eligible to file a claim for compensation. This settlement resolves a class action lawsuit resulting from a data breach that exposed personal and medical information for approximately 484,000 individuals.
The breach occurred on or before September 27, 2023, and was discovered on September 29, 2023, affecting patients who had received care at the cardiovascular practice. The settlement provides multiple forms of compensation: a base cash payment of approximately $75 per person, up to $5,000 in reimbursement for documented losses directly caused by the breach, and 24 months of complimentary credit monitoring and identity theft protection services. To receive any compensation, you must submit a valid claim by July 1, 2026.
Table of Contents
- What Data Was Exposed in the Cardiovascular Consultants Breach?
- When Was the Breach Discovered and When Were Victims Notified?
- How Much Compensation Can Affected Individuals Receive?
- What Is the Step-by-Step Claims Process?
- What Are the Eligibility Requirements and Key Deadlines?
- What Credit Monitoring and Fraud Protection Services Are Included?
- What Are Common Mistakes to Avoid When Filing Your Claim?
What Data Was Exposed in the Cardiovascular Consultants Breach?
The unauthorized access at Cardiovascular Consultants Ltd. compromised extensive personal and medical information on 484,000 individuals. The exposed data includes names, mailing addresses, dates of birth, Social Security numbers, driver’s license numbers, state ID numbers, insurance policy information, diagnosis and treatment details, and medical and billing records.
This combination of data makes breach victims particularly vulnerable to identity theft because a bad actor now has enough information to open fraudulent accounts or commit fraud using your name and identity. The severity of this data exposure is why credit monitoring alone isn’t sufficient—the settlement recognizes this by offering both monitoring services and compensation for actual losses. Someone with your full name, Social Security number, date of birth, and driver’s license number can potentially apply for credit cards, loans, or other financial products in your name. Additionally, having diagnosis and treatment information exposed creates privacy concerns and potential discrimination risks if misused.
When Was the Breach Discovered and When Were Victims Notified?
Cardiovascular Consultants Ltd. discovered the data breach on September 29, 2023, though the unauthorized access had occurred on or before September 27, 2023. However, the company did not notify affected individuals until more than two months later, on December 2, 2023.
This significant delay between discovery and notification meant that victims’ compromised information was exposed to potential misuse for an extended period before they were informed to take protective action. The notification delay underscores an important limitation of many data breach response procedures: companies may take weeks or months to investigate the full scope of what happened before notifying victims. During this window, fraudulent activity may already be occurring. This is precisely why the settlement includes two years of proactive credit monitoring and fraud resolution services—to help catch and address any misuse that may have already happened before the notification letter arrived.
How Much Compensation Can Affected Individuals Receive?
The settlement provides a multi-tiered compensation structure. All eligible claim filers receive a base cash payment estimated at $75, though this amount can increase or decrease depending on the total number of valid claims received and the remaining settlement fund balance. Beyond this base payment, you can claim up to $5,000 in documented losses—but only for expenses directly traceable to the data breach itself, such as identity theft recovery costs, fraud losses, credit monitoring fees (for services not provided by the settlement), credit freeze and unfreeze fees, and similar direct damages.
It’s important to understand that the $5,000 reimbursement is not automatic—it requires documentation. For example, if you spent $300 on a credit monitoring service before learning about the settlement’s free monitoring benefit, you could potentially claim that expense with a receipt. If someone opened a fraudulent credit card in your name and you had to pay $500 in unauthorized charges before the fraud was caught, that might qualify. However, speculative or indirect damages like lost time or emotional distress typically do not qualify under class action settlement standards.
What Is the Step-by-Step Claims Process?
Filing your claim involves submitting either an online form or a mailed claim form to Kroll Settlement Administration LLC, the company administering the settlement. You can submit your claim online before the July 1, 2026 deadline, or mail a completed claim form with a postmark date on or before July 1, 2026. If submitting online, the deadline is 11:59 p.m. Mountain Time on July 1, 2026.
To file, you’ll need to provide basic identification information proving you were affected by the breach, such as your name and address from your breach notification letter. If you’re claiming reimbursement for documented losses, you’ll need to submit receipts, invoices, or other proof of those expenses along with your claim form. The claims administrator is Kroll Settlement Administration LLC, located at P.O. Box 225391, New York, NY 10150-5391 (reference Settlement Administrator – 83376 in correspondence). You should keep copies of everything you submit and consider sending your claim via certified mail if using the postal service, so you have proof of delivery.
What Are the Eligibility Requirements and Key Deadlines?
To be eligible for compensation from this settlement, you must have lived in the United States at the time of the breach and received a breach notification letter from Cardiovascular Consultants Ltd. regarding this specific 2023 data breach. Simply being a patient of Cardiovascular Consultants is not sufficient—you must have received official notification about the unauthorized access. The critical deadline is July 1, 2026 (11:59 p.m.
Mountain Time for online submissions; postmark deadline for mailed claims). Missing this deadline means forfeiting all compensation from this settlement. The Final Approval Hearing is scheduled for August 18, 2026, after which claim payments will be processed. Note that if you received your breach notification letter but have since lost it, you can still file a claim if you can prove you were a patient with Cardiovascular Consultants during the relevant time period. However, the deadline does not change or extend based on when you file—every eligible claimant must submit before July 1, 2026.
What Credit Monitoring and Fraud Protection Services Are Included?
All settlement members, whether they submit a claim or not, are entitled to 24 months of complimentary credit monitoring, identity theft protection, and fraud resolution services provided through the settlement. These services typically include credit report monitoring to alert you of suspicious activity, identity theft insurance, and a dedicated fraud resolution team to help if unauthorized accounts are opened in your name.
This benefit is particularly valuable for breach victims because you don’t have to purchase these services separately—they’re automatically available for two years from the settlement date. Many people in data breach situations make the mistake of purchasing their own credit monitoring service without realizing it was available free through the settlement. If you’ve already purchased credit monitoring, that may be an eligible expense for reimbursement under the documented losses category, though you should have documentation and a receipt to support such a claim.
What Are Common Mistakes to Avoid When Filing Your Claim?
One frequent error is waiting until the last week before the deadline to file. Although July 1, 2026 seems far away, claims submitted in the final days risk postal delays or website outages that could cause them to arrive after the deadline. Filing early ensures no technical or logistical issues jeopardize your compensation. Another common mistake is discarding your breach notification letter before filing your claim—this letter may contain important identification numbers or reference information that proves your eligibility.
Keep all documentation related to the breach, including the notification letter and any correspondence with Cardiovascular Consultants, until your claim is fully processed. Additionally, many claimants overlook the documented losses reimbursement option, assuming they can only receive the base $75 payment. If you incurred any breach-related expenses—credit monitoring, credit freezes, identity theft resolution, or fraud losses—gather your receipts and documentation. Even if you’re uncertain whether an expense qualifies, it’s better to include it with documentation than to miss the opportunity entirely. The claims administrator will review what qualifies and adjust accordingly.