HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

South Denver Cardiology Associates Confirms Data Breach Affecting 287,000 Patients

South Denver Cardiology Associates (SDCA) has recently announced it was the victim of a cyberattack in January 2022 in which files containing patient information were accessed and potentially stolen by hackers.

Unusual network activity was detected on January 4, 2022, and the SDCA breach response process was immediately initiated. Systems were isolated from the network and shut down, with the investigation determining hackers had access to certain systems from January 2, 2022, to January 5, 2022.

During that time, the hackers accessed certain files stored on its systems, some of which contained patients’ personal and protected health information. A comprehensive review of those files confirmed they contained patient names along with one or more of the following types of information: dates of birth, Social Security numbers, drivers’ license numbers, patient account numbers, health insurance information, and clinical information such as physician names, dates and types of service, and diagnoses.

SDCA said the contents of medical records were unaffected, the patient portal was not compromised, and the investigation did not uncover any evidence of actual or attempted misuse of patient information; however, as a precaution, affected individuals have been offered complimentary access to credit monitoring and identity theft protection services.

Get The Checklist

Free and Immediate Download
of HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

The breach has been reported to the HHS’ Office for Civil Rights as affecting up to 287,652 individuals.

Up to 80,000 Patients Affected by Memorial Village ER Cyberattack

Memorial Village ER in Houston TX, has recently started notifying 80,000 patients that some of their protected health information was stored on a server that was accessed by hackers on February 18, 2022.

Memorial Village ER said the server was secured with HIPAA-compliant safeguards, but the security defenses were breached by an unknown entity who potentially viewed and/or obtained files on the server. A comprehensive review was conducted to determine the types of information on the server, which confirmed the breach was limited to names, addresses, birth dates, and COVID-19 test results. Affected individuals were notified on March 9, 2022, less than a month after the breach was detected.

Social Security numbers, financial information, and insurance information were not compromised; however, out of an abundance of caution, affected individuals have been offered a complimentary 12-month membership to Experian’s IdentityWorks identity theft protection service.

Memorial Village ER said it has now upgraded its cybersecurity platform to prevent further security breaches in the future.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.