On May 30, 2024, Heart South Cardiovascular Group, located in Alabaster, Alabama, reported a cybersecurity incident that compromised certain information stored on their network. The unauthorized access occurred between May 29 and May 30, prompting the organization to initiate an investigation, which involved collaborating with third-party specialists to assess the extent of the breach. Preliminary findings indicated that the accessed information may include personal details such as first and last names, addresses, dates of birth, driver’s license numbers, Social Security numbers, diagnoses, lab results, medications, and other treatment-related information. While the investigation is still ongoing, Heart South is in the process of obtaining address information to notify potentially affected individuals.
In response to the breach, Heart South has implemented additional security measures aimed at minimizing the risk of future incidents. The organization has also notified law enforcement and is conducting a thorough review of its data protection policies and procedures. Although there is currently no evidence suggesting that any information has been misused, Heart South is taking a proactive approach by providing individuals access to credit monitoring and identity protection services. For those with questions about the incident or those interested in enrolling in these services, Heart South has established a dedicated phone line.
The organization encourages individuals to remain vigilant by regularly reviewing account statements, explanation of benefits statements, and credit history to identify any unauthorized activity. Under U.S. law, individuals are entitled to one free credit report annually from each of the three major credit reporting bureaus: TransUnion, Experian, and Equifax. Heart South highlights that individuals can order their free credit report through the official website or by calling the designated number, ensuring they stay informed about their credit status.
Additionally, Heart South emphasizes the rights of individuals to place an initial or extended fraud alert on their credit files at no cost. Those who are victims of identity theft can request an extended fraud alert lasting seven years, while they also have the option to place a credit freeze on their credit reports. The organization reminds individuals that federal law prohibits charging for placing or lifting a credit freeze, empowering them to take control of their financial security. This incident illustrates the critical importance of cybersecurity in the healthcare sector and underscores Heart South’s commitment to protecting the sensitive information of its patients.
Reference: