Center for Vein Restoration Data Breach Affects Almost 450,000 Individuals
The Center for Vein Restoration, a Greenbelt, MD-based provider of treatments for varicose and spider veins, has experienced a major data breach affecting current and former patients and employees.
Unusual system activity was detected on October 6, 2024, and action was taken to isolate the affected systems and law enforcement was notified. The investigation confirmed unauthorized access to its network and files containing patient and employee data may have been viewed or exfiltrated in the attack. The file review confirmed that the types of patient data involved varied from individual to individual and may have included names combined with one or more of the following: address, date of birth, Social Security number, driver’s license number, medical record number, diagnoses, lab results, medications, treatment information, health insurance information, provider names, dates of treatment, and/or financial information. Current and former employees had data exposed related to their employment.
The Center for Vein Restoration has implemented additional safeguards and technical security measures to better protect and monitor its systems and is notifying the affected individuals by mail to their last known address. Affected individuals have been offered complimentary identity theft protection services. The data breach was recently reported to the HHS’ Office for Civil Rights as involving the protected health information of up to 446,094 individuals.
Cardiac and Vascular Device Vendor Dealing with Ransomware Attack
The Kennesaw, GA-based medical device manufacturer, Artivion, has experienced a ransomware attack that is disrupting its order and shipping processes. Artivion is a leading provider of cardiac and vascular medical products, including implantable cardiac and vascular tissues, mechanical heart valves, and surgical sealants. The ransomware attack was detected on November 21, 2024, and forced the company to take some of its systems offline. Artivion has confirmed that files were exfiltrated in the attack before encryption. The contents of those files have not been disclosed, nor the name of the group behind the attack. Artivion confirmed in a filing with the Securities and Exchange Commission (SEC) that the attack is not expected to have a material impact or affect its financial position; however, disruption continues to be experienced while the company works with third-party specialists to bring its systems back online. Further information is available in this post.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
