Heart South Cardiovascular Group, a cardiac and vascular care provider in Clanton, Centreville, and Alabaster in central Alabama, has decided to resolve the lawsuit associated with a May 2024 data breach that impacted 20,577 individuals. Heart South Cardiovascular Group discovered the attack on May 30, 2024. Forensic investigation results indicated unauthorized access to its system from May 29, 2024 to May 30, 2024. The hackers possibly acquired names, addresses, birth dates, Social Security numbers, driver’s license numbers, diagnoses, laboratory results, prescription medicines, and other treatment details.
The data breach prompted the filing of multiple lawsuits, which were combined into one, the Kornegay et al. v. Heart South Cardiovascular Group, P.C. lawsuit. The lawsuit was filed in the Circuit Court of Bibb County, Alabama, and mentioned a few claims: negligence for the lack of proper HIPAA-certified safety measures to avoid unauthorized viewing of sensitive patient information, negligence per se, breach of an express or implied contract, wantonness, and unjust enrichment.
The Group did not admit to any wrongdoing or claim in the lawsuit. But it decided to negotiate the lawsuit to steer clear of the expenses, disruptions, and uncertainties related to ongoing litigation. The terms of the settlement require Heart South Cardiovascular Group to create a $500,000 settlement fund to pay for the $186,666.66 maximum attorneys’ fees, legal expenses (not yet decided), settlement administration costs (not yet decided), $4,000 service awards to each of the 5 class representatives/plaintiffs), credit monitoring services, and class members’ payments.
Class members could file a claim for refund of documented, unreimbursed out-of-pocket expenses fairly linked to the data breach that occurred on or after May 29, 2024. The maximum amount that each class member can claim is $5,000. All class members could also claim Medical Shield Complete services for two years, which consist of dark web monitoring, credit monitoring, real-time inquiry notifications, and a $1 million identity theft insurance coverage. Every class member may likewise submit a cash payment claim. The cash payment is expected to be approximately $50. This is the amount adjusted pro rata after paying fees, expenditures, and claims.
The last day for filing an objection to or exclusion from the settlement is September 9, 2025. Claims may be filed on or before October 9, 2025. The final fairness hearing is not yet scheduled.
