Anyone who got a letter from Great Valley Cardiology (or Commonwealth Health Physician Network-Cardiology) stating that their information may have been exposed in a data breach.
What’s Going On?
Attorneys working with ClassAction.org are looking into whether a lawsuit can be filed against Great Valley Cardiology in light of a recent data breach that may have exposed current and former patients’ personal and medical information for over two months.
What Could I Get from a Lawsuit?
A class action lawsuit could help compensate victims for any harm they experienced as a result of the data breach. It could also potentially force Great Valley Cardiology to improve its data security.
Attorneys working with ClassAction.org want to hear from anyone who received notice that their information may have been exposed in the Great Valley Cardiology data breach that occurred between February 2 and April 14, 2023.
On June 12, the Pennsylvania healthcare provider reported that unauthorized parties may have had access to 181,764 current and former patients’ personal information – including Social Security numbers, financial information and treatment details – for over two months.
The attorneys have reason to believe that Great Valley Cardiology may not have had adequate data security policies in place to prevent and detect the breach and may have waited an unreasonably long time before notifying affected patients. They’re now looking into whether a class action lawsuit can be filed against Great Valley Cardiology to help compensate victims – but they first need to speak with more people who were affected.
Great Valley Cardiology Data Breach: What Happened?
Great Valley Cardiology recently sent letters to current and former patients, and patients of “participating providers,” whose information may have been exposed in a months-long data breach earlier this year.
According to a notice posted on Great Valley Cardiology’s website, the following patient information may have been accessed by hackers:
Names and addresses
Dates of birth
Social Security numbers
Driver’s license or passport numbers
Credit or debit card information
Bank account information
Health insurance details and claims information
Medical information (including dates of service, diagnoses, medications, lab results and other treatment information)
Great Valley Cardiology says it is unable to determine whether the hackers viewed or exfiltrated the data to which they had access, and no mention has been made of a ransom demand or the identity of the responsible party. According to news reports, the data breach was the result of a “brute force” attack, meaning the hackers used software to repeatedly guess passwords until one was successful.
Great Valley Cardiology reportedly admitted that it only learned about the data breach after being notified by the U.S. Department of Homeland Security on April 13, by which time the hackers had had access to patient information for more than two months. Despite knowing about the incident since mid-April, however, the healthcare provider waited until June 12 to report the breach and begin mailing letters to affected individuals.
How Could a Lawsuit Help Data Breach Victims?
A class action lawsuit could potentially provide compensation for any damages resulting from the data breach, including:
Loss of privacy
Lost time spent responding to the breach (such as monitoring accounts, obtaining credit reports and medical records, or addressing fraudulent uses of your information)
Money spent responding to the breach (such as the cost of credit reports, bank fees, or additional credit monitoring and identity theft protection)
Unreimbursed losses resulting from the breach (such as fraudulent charges or medical bills)
Damage to credit
A lawsuit could also require Great Valley Cardiology to implement better data security to ensure its patients’ information is protected against future data breaches.