Alabama security breach exposes personal information of cardiologists, heart patients
Alabama Cardiovascular Group, a Birmingham-based cardiology provider affiliated with Grandview Medical Center, has announced that it experienced a significant security breach in July. The personal information of all current and former patients—in addition to all employees—may have been affected.
“We are committed to protecting personal information and sincerely regret any issues this incident may cause,” according to a statement. “We are offering identity theft protection for all affected individuals.”
The incident occurred July 2, when Alabama Cardiovascular Group security specialists noted that unauthorized parties were accessing its network. They cut off that access, resetting all user passwords to be safe, and contacted the appropriate law enforcement agencies.
The group ultimately determined that its network had been infiltrated for nearly a month, starting on June 6. Information that “may have been accessed” as a result included patient and physician names, addresses, email addresses, usernames, passwords, social security numbers, health insurance information, medical data, credit card or debit card numbers and more.
“We will send letters to individuals whose personal information was affected as a result of this incident,” the group said, noting that anyone receiving such a letter is being given free two-year access to credit and identity monitoring software.
According to one recent analysis, healthcare remains the industry hit hardest by cybersecurity threats. Patients, it seems, typically end up footing the bill for these incidents in the long run.
“When asked how they’re dealing with these costs, more than half of organizations said they are passing them on to customers,” the study’s authors write. “Having customers absorb these costs can be problematic in a competitive market already facing pricing pressures from inflation.”