South Denver Cardiology Associates admits hack

A breach at US health clinic South Denver Cardiology Associates has exposed the medical and personal data of more than 287K people

A data breach at US health clinic South Denver Cardiology Associates (SDCA) has exposed the medical information of more than 287,000 people.

In a data breach notice (PDF), SDCA admitted that an unnamed attacker broke into its systems and had access to confidential databases for three days between January 2, 2022, and January 5, 2022, before the breach was detected and thwarted.

SDCA notified law enforcement and called in the help of an external computer forensics firm to determine the scope of the compromise.

This investigation revealed that attackers accessed files containing a variety of sensitive information.

The exposed data included “patients’ names, dates of birth, Social Security numbers and/or drivers’ license numbers, patient account numbers, health insurance information, and clinical information, such as physician names, dates and types of service, and diagnoses”.


Catch up on the latest healthcare breaches and security news


In a bid to reassure potential concerned patients, SDCA said there has been “no impact to the contents of patient medical records and no unauthorized access to the patient portal”.

“We have no indication that individuals’ information has been misused as a result of this incident,” SDCA added.

Despite these assurances, the exposed healthcare and other personal data leaves affected parties more exposed to phishing attacks and the like, leveraging the compromised information to run more convincing scams.

As a precaution, SDCA has begun a mailout to patients that includes guidance on how to protect their information alongside an offer of complimentary credit
monitoring and identity protection services.

SDCA has also set up a dedicated, toll-free call center to answer patients’ questions.

Awaiting diagnosis

The Daily Swig has asked SDCA if it had identified the cause of the breach on its systems. No word back as yet, but we’ll update this story as and when more information comes to hand.

Numbers on those affected by the breach at SDCA come from a mandatory notice for breaches of unsecured protected health information, filed with the US Department of Health and Human Services Office for Civil Rights.


YOU MAY ALSO LIKE Utah privacy bill places tighter control on consumer data