Eastern Radiologist Settles Cyberattack Lawsuit for $3.25 Million

Overview of the Settlement

In a case that highlights the pervasive issue of data security breaches, Eastern Radiologist has settled a class action lawsuit resulting from a cyberattack that compromised the personal and medical information of almost 890,000 individuals. The Superior Court in Pitt County, North Carolina, has mandated Eastern Radiologist to pay a total of $3.25 million, which translates to potential compensation of up to $5,000 for each affected individual.

Details of the Breach

According to claims filed in the lawsuit, the cyberattack occurred between November 20 and November 24, 2023, with unauthorized access to sensitive information reported on or around November 24. The data exposed includes not only names and Social Security numbers but also crucial health-related information, such as medical records and billing account numbers.

"We regret any inconvenience this incident may have caused to our patients," stated a representative from Eastern Radiologist.

The Class Action Lawsuit

The allegations against Eastern Radiologist encompass several serious charges. Plaintiffs accuse the company of negligence and breach of fiduciary duty, arguing that the organization failed to adequately protect sensitive patient information. Furthermore, violations of various North Carolina laws were also asserted.

• Negligence
• Breach of Implied Contract
• Invasion of Privacy

Despite denying all charges of wrongdoing, Eastern Radiologist opted for a settlement due to the potential high costs and protracted nature of continued litigation.

Significance of the Case

This incident amplifies the conversation around healthcare data security. Data breaches like this not only jeopardize the financial and personal well-being of individuals but also erode trust in healthcare providers. With over 70 board-certified physicians and multiple care points, Eastern Radiologist has been a longstanding healthcare provider in the Greenville and eastern North Carolina area.

The settlement offers a crucial lesson to healthcare organizations about the importance of robust cybersecurity measures in protecting sensitive patient information.

What's Next for Affected Individuals

Those affected by the breach are encouraged to submit claims by the deadline of December 1, 2025. The settlement will be finalized in a hearing scheduled for December 15, 2025. Should you wish to opt-out of the settlement, an exclusion request must be submitted by October 28, 2025. The settlement fund will cover various out-of-pocket losses linked to identity theft or fraud, with a clear pathway for claim submission outlined in the settlement documents.

Conclusion

As we witness an increase in cyberattacks particularly targeting sensitive healthcare data, this settlement underscores the necessity for organizations to prioritize data security to safeguard vulnerable populations. The financial compensation following this lawsuit may help to mitigate some of the impact on affected individuals, but the long-term ramifications of the breach remain to be seen.