Alabama Cardiovascular Group (ACG) experienced a significant data breach that spanned from June 6 to July 2, 2024, during which unauthorized individuals accessed its computer network. The intrusion was detected on July 2, prompting immediate action to mitigate further unauthorized access. ACG promptly reported the incident to law enforcement authorities and the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR). This breach has potentially affected up to 280,534 individuals, including current and former patients, guarantors, employees, and physicians, all of whom were notified via mail about the incident.
A comprehensive review of the exfiltrated files confirmed that a range of sensitive data had been compromised. This data includes personal identifiers such as names, addresses, email addresses, phone numbers, and dates of birth, as well as Social Security numbers. Additionally, health insurance information, claims information, and medical details like dates of service, diagnoses, medications, and lab results were also involved. Some individuals may have had other sensitive information exposed, including driver’s license numbers, passport numbers, and credit or debit card information, depending on what was provided to ACG.
In response to the breach, ACG has taken proactive steps to enhance its security measures and prevent similar incidents from occurring in the future. The organization has implemented additional safeguards within its network and is working closely with cybersecurity experts to bolster its defenses against potential threats. ACG has also made a commitment to keep affected individuals informed about the ongoing measures being taken to protect their personal information and to prevent future breaches.
To assist those impacted by the breach, ACG is offering 24 months of complimentary access to Experian’s IdentityWorks identity theft protection service. This service aims to help individuals monitor their personal information and mitigate the risks associated with identity theft. ACG’s quick response and commitment to providing support reflect its dedication to safeguarding the privacy and security of its patients and employees in the wake of this serious cybersecurity incident.
Reference: