South Denver Cardiology Associates Confirms Data Breach Affecting 287,000 Patients

Share this article on:

South Denver Cardiology Associates (SDCA) has recently announced it was the victim of a cyberattack in January 2022 in which files containing patient information were accessed and potentially stolen by hackers.

Unusual network activity was detected on January 4, 2022, and the SDCA breach response process was immediately initiated. Systems were isolated from the network and shut down, with the investigation determining hackers had access to certain systems from January 2, 2022, to January 5, 2022.

During that time, the hackers accessed certain files stored on its systems, some of which contained patients’ personal and protected health information. A comprehensive review of those files confirmed they contained patient names along with one or more of the following types of information: dates of birth, Social Security numbers, drivers’ license numbers, patient account numbers, health insurance information, and clinical information such as physician names, dates and types of service, and diagnoses.

SDCA said the contents of medical records were unaffected, the patient portal was not compromised, and the investigation did not uncover any evidence of actual or attempted misuse of patient information; however, as a precaution, affected individuals have been offered complimentary access to credit monitoring and identity theft protection services.

The breach has been reported to the HHS’ Office for Civil Rights as affecting up to 287,652 individuals.

Up to 80,000 Patients Affected by Memorial Village ER Cyberattack

Memorial Village ER in Houston TX, has recently started notifying 80,000 patients that some of their protected health information was stored on a server that was accessed by hackers on February 18, 2022.

Memorial Village ER said the server was secured with HIPAA-compliant safeguards, but the security defenses were breached by an unknown entity who potentially viewed and/or obtained files on the server. A comprehensive review was conducted to determine the types of information on the server, which confirmed the breach was limited to names, addresses, birth dates, and COVID-19 test results. Affected individuals were notified on March 9, 2022, less than a month after the breach was detected.

Social Security numbers, financial information, and insurance information were not compromised; however, out of an abundance of caution, affected individuals have been offered a complimentary 12-month membership to Experian’s IdentityWorks identity theft protection service.

Memorial Village ER said it has now upgraded its cybersecurity platform to prevent further security breaches in the future.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.

Share This Post On