CardioVascular Health Clinic & Hunter Health Clinic Announce Data Breaches
CardioVascular Health Clinic in Oklahoma is investigating a recent cyberattack and data breach, and Hunter Health Clinic in Kansas has confirmed an email breach involving the information of almost 32,000 patients.
CardioVascular Health Clinic, Oklahoma
CardioVascular Health Clinic, a healthcare network with more than a dozen facilities in Oklahoma, has recently announced a security incident and data breach at its cloud service provider. The incident was detected on March 4, 2025, when network disruption was experienced. The forensic investigation confirmed that an unauthorized third party had access to its network between February 18, 2025, and March 4, 2025.
The investigation and file review are ongoing, and it is not yet possible to determine the specific types of information that have been exposed and potentially stolen; however, it is likely that the affected individuals had some or all of the following types of information exposed in the incident: name, address, phone number, email address, date of birth, Social Security Number, driver’s license/state ID number, financial account information, treatment/diagnosis information, prescription information, provider name, medical record/case number, Medicare/Medicaid ID number, health insurance information, and/or treatment cost information.
When the data review is concluded, individual notifications will be mailed to the affected individuals who will be offered complimentary credit monitoring and identity theft protection services as a precaution. Policies and procedures related to data security are being reviewed, and the incident has been reported to law enforcement. Since the file review is not yet complete, it has yet to be determined how many individuals have been affected. To meet reporting requirements under the HIPAA Breach Notification Rule, the HHS’ Office for Civil Rights has been informed, using a placeholder figure of at least 501 affected individuals. The total will be updated when the file review concludes.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Hunter Health Clinic, Kansas
Hunter Health Clinic in Wichita, Kansas, has recently informed the Maine Attorney General about a hacking incident involving the personal and protected health information of up to 31,778 individuals, including 5 Maine residents. On or around September 30, 2024, Hunter Health Clinic identified unauthorized access to an employee email account. The account was immediately secured, and an investigation was conducted, with assistance provided by third-party cybersecurity specialists. They confirmed that the unauthorized access occurred between September 27 and September 30, 2024, and a single email account was accessed. During that time, sensitive data in the account may have been viewed or acquired.
The review of emails and email attachments concluded on May 1, 2025, when it was confirmed that the exposed data included names, dates of birth, Social Security numbers, driver’s license/state ID numbers, financial account information, medical/clinical information, patient account numbers, and health insurance information. The types of data varied from individual to individual. Individual notification letters were mailed to the affected individuals on May 15, 2025, and individuals whose Social Security numbers were involved have been offered complimentary credit monitoring services.
