Azura Vascular Care to Pay $3.15 Million to Settle Data Breach Lawsuit

April 6, 2025HIPAA News0

Fresenius Vascular Care, Inc., also called Azura Vascular Care, agreed to settle a class action lawsuit. Azura Vascular Care, headquartered in Pennsylvania, manages 70 outpatient vascular centers and ambulatory surgery facilities in Puerto Rico and 25 states. When Azura Vascular Care detected suspicious system activity on October 9, 2023, it commenced a forensic investigation that confirmed hackers got access to its system from September 27, 2023 to October 9, 2023, and likely stole patients’ protected health information (PHI).

The data breach at Azura Vascular Care impacted 348,000 individuals and guarantors exposing data including names, mailing addresses, birth dates, contact data, emergency contact details, drivers’ license numbers, state ID numbers, Social Security numbers, insurance details, diagnosis and treatment data, other data from healthcare or billing records, and guarantor details.

The plaintiffs took legal action against Azura Vascular Care because of the data breach. Allegedly, the defendant, a HIPAA-covered entity, did not employ reasonable and proper cybersecurity procedures to avoid unauthorized access to its system and sensitive patient information. Azura Vascular Care dismissed the allegations and denied any wrongdoing or liability. Nevertheless, it decided to negotiate the lawsuit to stop further legal charges and steer clear of the risks related to continuing litigation.

Based on the settlement terms, Azura Vascular Care will create a $3.15 million settlement fund to pay for claims filed by class members, service awards for class representatives, attorneys’ fees, and legal fees and costs. Those who received a breach notification letter could file a claim for a refund of documented expenses incurred because of the data breach to as much as $10,000.

Additionally, class members could file a claim for a cash payment. This will be settled pro rata after all claims are paid and lawyers’ fees and other expenses are subtracted from the settlement money. Azura Vascular Care has likewise carried out changes and improvements to its data security system to better secure against cyberattacks and data security incidents later on. The cost of upgrades is not part of the settlement fund.

The last day for filing an objection to or exclusion from the settlement is over. All claims must be filed or postmarked by June 30, 2025. The court has given preliminary approval of the settlement. The schedule of the final approval hearing is June 16, 2025.

About Thomas Brown
Thomas Brown worked as a reporter for several years on ComplianceHome. Thomas is a seasoned journalist with several years experience in the healthcare sector and has contributed to healthcare and information technology news publishers. Thomas has a particular interest in the application of healthcare information technology to better serve the interest of patients, including areas such as data protection and innovations such as telehealth. Follow Thomas on X https://x.com/Thomas7Brown

ComplianceHome is a registered trademark. Copyright © 2025 ComplianceHome. All rights reserved.