Eastern Radiologists Agrees to $3.35 Million Data Breach Settlement
Eastern Radiologists in North Carolina has agreed to pay $3.25 million to settle a class action lawsuit over a 2023 data breach that was reported to the HHS’ Office for Civil Rights as involving the protected health information of 886,746 patients. The Eastern Radiologists data breach that prompted the class action lawsuit was detected on November 24, 2023. The investigation confirmed that a threat actor had access to its network from November 20, 2023, to November 24, 2023, and copied files containing patient information. Data compromised in the incident included names, contact information, Social Security numbers, driver’s license numbers, financial account numbers, insurance information, procedure information, diagnoses, and imaging results.
Several class action lawsuits were filed in response to the data breach. Due to the lawsuits having overlapping claims, they were consolidated into a single lawsuit, Powers et al. v. Eastern Radiologists, Inc., in the General Court of Justice, Superior Court Division, in Pitt County, North Carolina. The consolidated class action complaint alleges that Eastern Radiologists failed to implement reasonable and appropriate cybersecurity measures, did not adhere to FTC guidelines on cybersecurity or follow industry standards, and that its conduct violated the Health Insurance Portability and Accountability (HIPAA). In addition to negligence, the lawsuit asserted claims of negligence per se, breach of implied contract, breach of fiduciary duty, unjust enrichment, invasion of privacy, and violations of North Carolina’s Unfair and Deceptive Trade Practices Act.
Eastern Radiologists deny all claims and contentions in the lawsuit and maintain that there was wrongdoing. After considering the risks associated with the litigation and the costs of continuing with the lawsuit, all parties agreed to settle the litigation. Under the terms of the settlement, Eastern Radiologists will establish a $3,250,000 settlement fund out of which attorneys’ fees and expenses, settlement administration costs, and service awards for the named plaintiffs will be deducted. The remainder of the fund will be used to pay benefits to the class members.
All class members may claim one year of medical account monitoring services and one of two cash payments. A claim may be submitted for reimbursement of documented, unreimbursed out-of-pocket losses due to the data breach up to a maximum of $5,000 per class member. The cash payments for losses have been capped at $200,000 and will be paid pro rata should that total be reached. Alternatively, class members may claim a cash payment, which may be subject to a pro rata increase or decrease.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
The deadline for exclusion and objection is October 28, 2025. Claims must be submitted by December 1, 2025, and the final approval hearing has been scheduled for December 15, 2025. Claims will be paid between 30 and 60 days after the final approval hearing.
