Posted On February 7, 2023 Consumer Privacy & Data Breaches
February 7, 2023 – Cardiovascular Associates filed notice of a data breach on February 3, 2023 with the California Attorney General after determining that patients’ information was leaked when an unauthorized party gained access to company computer systems. Information that was accessed included protected health information. According to the filing, an unauthorized party gained access to consumers’ names, dates of birth, Social Security numbers, financial account information, credit/debit information, billing and claims information, and medical and treatment information. After confirming that there was a data leak, Cardiovascular Associates sent out notification letters to all individuals affected.
The data breach lawyers at Console & Associates, P.C. are currently looking into the data breach at Cardiovascular Associates. If you have been notified of the breach and are curious about your options to protect yourself and if you are able to receive financial compensation from the company, we are offering no-cost consultations to talk about your lawful options.
Cardiovascular Associates is a healthcare company that is affiliated with Brookwood Baptist Health and provides vascular care and heart services, interventional cardiology, preventative cardiology, and advanced cardiac imaging. Based in Birmingham, Alabama, Cardiovascular Associated has 11 locations throughout Alabama. The company generates approximately $1.2 billion in revenue annually and employs over 4,300 people.
The information provided is from Cardiovascular Associate’s filing with the California Attorney General’s office. According to the filing, the company discovered that its computer systems had been compromised and that an unauthorized party may have gained access to confidential consumer information on December 5, 2022. Cardiovascular Associates began working with a third-party firm specializing in forensics to determine if information had been exposed.
After confirming the leak, the company determined that consumers’ names, dates of birth, Social Security numbers, financial account information, credit/debit information, billing and claims information, and medical and treatment information had been compromised, though the information varies by individual.
On February 3, 2023, Cardiovascular Associates sent out letters to all individuals whose sensitive information had been compromised.
As a patient, you probably felt comfortable providing your personal information to a company like Cardiovascular Associates. However, this data breach has caused many to doubt the organization’s ability to protect your information. It is their responsibility to provide security and vigilantly guard your sensitive data. If you have received a notification that you are a victim of this breach, you may be able to take legal action against Cardiovascular Associates and receive financial reparation. It is essential to be aware of your rights in such a situation.
The consumer privacy lawyers at Console & Associates, P.C. help customers affected by data and security breaches pursue legal solutions by offering free consultations. By explaining your rights in clear, concise terms, we help you make an informed decision about your next steps. If you are a victim of the Cardiovascular Associates data breach, Console & Associates, P.C. will investigate at no charge to you and offer advice on how to proceed. If you decide to pursue a case, rest assured that we don’t get paid unless you do. If your claim is successful, legal fees are either paid out of the funds recovered or by the defendant. If your claim is not successful, you pay nothing.
Below is a notice posted to their website:
Cardiovascular Associates (“CVA”) experienced a data security incident that may have affected your personal information. On December 5, 2022, it was discovered that certain systems within CVA’s network may have been subject to unauthorized activity. In response to this incident, steps were quickly taken to restrict further unauthorized activity, an investigation of the incident was immediately launched, and a national forensic firm was engaged to assist with investigation and remediation efforts. In the course of the investigation, it was determined that an unauthorized third party was able to access certain systems that contained personal information and remove a copy of some data from the network between November 28, 2022 and December 5, 2022.
Based on the review, the personal information involved in this incident may have included one or more of the following elements: (1) demographic information to identify and contact the patient, such as full name, date of birth, and address; (2) Social Security number; (3) health insurance information, such as name of insurer/government payor and member ID, policy and/or group number; (4) medical and treatment information, such as medical record number, dates of service, provider and facility names, other visit, procedure and diagnosis information, and possibly assessments, tests and imaging; (5) billing and claims information, such as account and/or claim status, billing and diagnostic codes, and payor information; (6) passport and driver’s license number; (7) credit and debit card information; and (8) financial account information. For a limited subset of individuals, the information may have also included username and password. Please note that not all data elements were involved for all individuals.
CVA takes the security of personal information seriously. As soon as the incident was discovered, a forensic investigation was launched, and steps were taken to mitigate and remediate the incident and to help prevent further unauthorized activity. In response to this incident, security and monitoring capabilities are being enhanced and systems are being hardened as appropriate to minimize the risk of any similar incident in the future.
CVA is providing additional information on general steps individuals can take to monitor and protect their personal information in Additional Resources at the top of this page. Individuals should carefully review credit reports and statements sent from healthcare providers and financial institutions as well as their insurance company to ensure that all account activity is valid. Any questionable charges should be promptly reported to the provider or company which maintains the account. CVA has arranged to offer free credit monitoring and identity restoration services to individuals whose Social Security number, credit card/debit card or financial account information, passport or driver’s license number may have been involved.
CVA has established a dedicated assistance line for individuals seeking additional information regarding this incident. For the next 90 days, individuals who have questions about this matter or would like additional information can call toll-free 1-833-753-3802 during 9 a.m. – 9 p.m. Eastern Time, Monday through Friday, except holidays. This substitute notice and toll-free number will remain active for at least 90 days.
CVA is committed to protecting the privacy and security of personal information that it receives and sincerely regrets any inconvenience this incident may cause. Individuals potentially affected by this incident are being mailed notice letters. Since it is possible there may be insufficient contact information for some individuals, however, this notice is also accessible via CVA’s website, consistent with HIPAA.