More than 287,000 people’s medical information was exposed as a result of a data breach at the US health facility South Denver Cardiology Associates (SDCA). SDCA revealed in a data breach notice that an anonymous attacker gained access to secret databases for three days between January 2, 2022, and January 5, 2022, before the incident was discovered and stopped.
SDCA alerted law enforcement and enlisted the assistance of an outside computer forensics firm to establish the breadth of the breach. During the inquiry, it was discovered that the attackers gained access to files holding a range of sensitive data. Patients’ names, Social Security numbers or/and drivers’ license numbers, dates of birth, health insurance information, patient account numbers, and clinical data, such as physician names, dates and kinds of service, and diagnoses, were among the information exposed.
In an attempt to comfort worried patients, SDCA claimed there had been no influence on the contents of patient medical information and no illegal access to the patient portal. “We have no indication that individuals’ information has been misused as a result of this incident,” SDCA added. Despite these promises, the exposed healthcare and other personal data make impacted individuals more vulnerable to phishing attempts and different frauds that use the hacked data to execute more convincing schemes.
As a precaution, the SDCA has begun sending out letters to patients that include advice on how to secure their personal information as well as a free credit monitoring and identity protection service offer. SDCA has also established a toll-free phone center to assist patients with their inquiries.
When asked if the reason for the intrusion on its systems had been established, SDCA has yet to respond. The number of persons affected by the SDCA breach came from a mandated notice filed with the US Department of Health and Human Services Office for Civil Rights for unsecured protected health information breaches.