Great Valley Cardiology Data Breach: Lawsuit Investigation on Behalf of Victims
Last Updated on July 2, 2024
Investigation Complete
Attorneys working with ClassAction.org have finished their investigation into this matter.
Check back for any potential updates. The information on this page is for reference only.
Free Consumer Tools:
- Open and Current Class Action Lawsuit Settlements and Rebates
- Open and Current Class Action Lawsuit List, Investigations
- Class Action Lawsuit and Settlement News
- Free Class Action Lawsuit Database
At A Glance
- This Alert Affects:
- Anyone who got a letter from Great Valley Cardiology (or Commonwealth Health Physician Network-Cardiology) stating that their information may have been exposed in a data breach.
- What’s Going On?
- Attorneys working with ClassAction.org are looking into whether a lawsuit can be filed against Great Valley Cardiology in light of a recent data breach that may have exposed current and former patients’ personal and medical information for over two months.
- What Could I Get from a Lawsuit?
- A class action lawsuit could help compensate victims for any harm they experienced as a result of the data breach. It could also potentially force Great Valley Cardiology to improve its data security.
Attorneys working with ClassAction.org want to hear from anyone who received notice that their information may have been exposed in the Great Valley Cardiology data breach that occurred between February 2 and April 14, 2023.
On June 12, the Pennsylvania healthcare provider reported that unauthorized parties may have had access to 181,764 current and former patients’ personal information – including Social Security numbers, financial information and treatment details – for over two months.
The attorneys have reason to believe that Great Valley Cardiology may not have had adequate data security policies in place to prevent and detect the breach and may have waited an unreasonably long time before notifying affected patients. They’re now looking into whether a class action lawsuit can be filed against Great Valley Cardiology to help compensate victims – but they first need to speak with more people who were affected.
Great Valley Cardiology Data Breach: What Happened?
Great Valley Cardiology recently sent letters to current and former patients, and patients of “participating providers,” whose information may have been exposed in a months-long data breach earlier this year.
According to a notice posted on Great Valley Cardiology’s website, the following patient information may have been accessed by hackers:
- Names and addresses
- Dates of birth
- Social Security numbers
- Driver’s license or passport numbers
- Credit or debit card information
- Bank account information
- Health insurance details and claims information
- Medical information (including dates of service, diagnoses, medications, lab results and other treatment information)
Great Valley Cardiology says it is unable to determine whether the hackers viewed or exfiltrated the data to which they had access, and no mention has been made of a ransom demand or the identity of the responsible party. According to news reports, the data breach was the result of a “brute force” attack, meaning the hackers used software to repeatedly guess passwords until one was successful.
Great Valley Cardiology reportedly admitted that it only learned about the data breach after being notified by the U.S. Department of Homeland Security on April 13, by which time the hackers had had access to patient information for more than two months. Despite knowing about the incident since mid-April, however, the healthcare provider waited until June 12 to report the breach and begin mailing letters to affected individuals.
How Could a Lawsuit Help Data Breach Victims?
A class action lawsuit could potentially provide compensation for any damages resulting from the data breach, including:
- Loss of privacy
- Lost time spent responding to the breach (such as monitoring accounts, obtaining credit reports and medical records, or addressing fraudulent uses of your information)
- Money spent responding to the breach (such as the cost of credit reports, bank fees, or additional credit monitoring and identity theft protection)
- Unreimbursed losses resulting from the breach (such as fraudulent charges or medical bills)
- Damage to credit
A lawsuit could also require Great Valley Cardiology to implement better data security to ensure its patients’ information is protected against future data breaches.
Before commenting, please review our comment policy.