Alabama Cardiovascular Group Pays $2,225,000 to Settle its Data Breach Lawsuit

by Ryan Coyne | Feb 1, 2026

Alabama Cardiovascular Group has resolved a class-action data breach litigation as a result of a data security breach discovered on July 2, 2024. The investigators found out that an unauthorized third party got access to its system from June 6, 2024, to July 2, 2024, and extracted files containing patient and employee data. Breached information during the incident included names, contact details, Social Security numbers, medical insurance data, and health data. The data breach impacted 280,534 persons.

Because of the data breach, Alabama Cardiovascular Group faced several class action lawsuits. Considering the case similarities, a consolidated lawsuit was filed in the Circuit Court for Jefferson County, Alabama. The Tammy Brown et al., v. Alabama Cardiology Group P.C. d/b/a Alabama Cardiovascular Group consolidated lawsuit stated claims of breach of contract, negligence, negligence per se, unjust enrichment, breach of implied contract, and breach of fiduciary duty. Alabama Cardiovascular Group rejects all claims of liability and wrongdoing and believes that the data breach did not cause harm to the affected patients and staff members. Nonetheless, to steer clear of the cost of prolonged lawsuit and the uncertainty of trial and corresponding appeals, the Group decided to settle the lawsuit.

The terms of the settlement entails the creation of a $2,225,000 settlement fund by Alabama Cardiovascular Group to pay for lawyers’ fees and expenditures, settlement management costs, class representatives’ service awards, and class members’ benefits. Class members can file a claim for compensation of documented, unreimbursed costs associated with the data breach up to $5,000 for each class member. Otherwise, class members may decide to get a pro rata cash payment that is paid from the left over funds after paying for costs and expenditures and claims. Whether cash payment is chosen, class members will also receive credit monitoring services for two years. The last day to file for exemption and opting out of the settlement is February 4, 2026. Claims need to be submitted by March 6, 2026, since the final approval hearing will be on March 20, 2026.

The decision to settle the litigation early on is a wise move. However, Alabama Cardiovascular Group should also upgrade its HIPAA-training for employees to help prevent future data breaches and enable quick incident response.

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

COMPREHENSIVE HIPAA TRAINING

Used in 1000+ Healthcare Organizations and 100+ Universities

Ryan Coyne

Ryan Coyne is a results-driven leader in the healthcare compliance industry, specializing in regulatory compliance, compliance training, and assisting healthcare organizations and business associates in achieving and maintaining compliance. With a deep knowledge of healthcare regulations and a keen understanding of the challenges faced by the industry, Ryan has developed a reputation as a trusted advisor and advocate for ethical and compliant practices in healthcare. Ryan has successfully advised and guided numerous healthcare organizations, business associates, and healthcare professionals on achieving and maintaining compliance with regulatory training requirements. Ryan's professional focus is using his in-depth expertise and leading a world class team of subject matter experts at ComplianceJunction in regulatory compliance to help organisations navigate the complex landscape of ensuring staff adhere to healthcare regulations. You can connect with Ryan via LinkedIn and follow on Twitter