Coastal Orthopedics Agrees to Pay $1.4 Million to Settle Data Breach Litigation
Coastal Orthopedics & Sports Medicine of Southwest Florida (COSM) has agreed to settle class action litigation stemming from a June 2023 cyberattack and data breach that affected 203,427 individuals. Between June 6, 2023, and June 11, 2023, hackers had access to its network and exfiltrated files containing patient names, dates of birth, Social Security numbers, driver’s license numbers, diagnoses, treatment information, financial account information, health insurance information, and other types of sensitive data.
Multiple lawsuits were filed against COSM over the data breach, two in the Circuit Court of the Twelfth Judicial Circuit in and for Manatee County, Florida, by plaintiffs Karl Ford and Barbara Balbo, and one in the Middle District of Florida, Tampa Division, by plaintiff Vikki Comarsh-White. A notice of voluntary dismissal was filed by plaintiff Comarsh-White, and the other two lawsuits were consolidated into a single lawsuit, In Re: Coastal Orthopedics & Sports Medicine of Southwest Florida Data Breach Litigation, in October 2024.
The lawsuit alleged negligence for failing to implement reasonable security measures to prevent unauthorized access to its network. COSM denied and continues to deny any wrongdoing or liability, but agreed to settle the litigation to avoid the uncertainty, risks, and expense of ongoing litigation. Under the terms of the settlement, COSM has agreed to pay $1,403,646.30 to cover claims from the plaintiffs and class members, legal costs, expenses, class representative awards, and attorneys’ fees. The attorneys will be paid no more than 33.33% of the settlement fund, or $467,882.10, and a maximum of $25,000 can be claimed for costs and expenses. The three class representatives will each receive a service award payment of $2,500.
Class members may submit a claim for reimbursement of documented monetary losses reasonably traceable to the data breach up to a maximum of $10,000 per class member. In addition, class members will receive two years of single-bureau credit monitoring services, which include a $1 million fraud and identity theft insurance policy. Regardless of whether a class member submits a claim for reimbursement of losses, they are entitled to receive a pro rata cash payment, which will be paid from the remainder of the settlement fund. Class members have been assigned to one of two groups: Group 1 includes individuals whose Social Security numbers were compromised, and all other class members have been placed in Group 2. The cash payments for members of Group 1 will be three times the amount of Group 2.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
The settlement has been agreed upon by all parties and has received preliminary approval from the court. The deadline for objection to the settlement is July 14, 2025; the deadline for exclusion from the settlement is August 13, 2025; and the deadline for filing a claim is August 13, 2025. The final fairness hearing has been scheduled for July 28, 2025.
The plaintiffs and class were represented by Mariya Weeks of Millberg Coleman Bryson Phillips Grossman, PLLC, and Katherine Earle Yanes of Kynes, Markman & Feldman P.A. Full details of the settlement can be found on https://coastalorthopedicssettlement.com/
