"Nearly 300k Heart Patients’ Data Exposed"

The protected health information (PHI) of hundreds of thousands of heart patients may have been exposed during a cyberattack on South Denver Cardiology Associates (SDCA).  On January 4, 2022, SDCA identified unusual activity within their computer network.  They immediately initiated their incident response process, which included taking steps to secure the network and shutting off select computer systems.  SDCA also began an investigation with the assistance of a computer forensic firm and notified law enforcement.  During the investigation, it was determined that the unknown perpetrator(s) gained access to files containing information on 287,652 patients during the attack.  The files accessed in the attack contained patient information, which may have included patients’ names, dates of birth, Social Security numbers and/or drivers’ license numbers, patient account numbers, health insurance information and clinical information, such as physician names, dates and types of service and diagnoses.  SDCA noted that the attack had not impacted the contents of patient medical records.  The healthcare provider also stated that the security incident did not involve unauthorized access to the patient portal. 

Infosecurity reports: "Nearly 300k Heart Patients’ Data Exposed"