Data breach affects hundreds of thousands of patients in a cardiology clinic

In a security alert, South Denver Cardiology Associates (SDCA) confirmed a security breach that led to the exposure of more than 287,000 of its patients’ medical records. An unidentified actor reportedly managed to access their confidential databases in early 2022.

Upon detecting the incident, SDCA notified the appropriate authorities and initiated an investigation in collaboration with an outside security firm. During this investigation it was discovered that threat actors managed to access multiple confidential details of hundreds of thousands of patients.

Confidential records of patients exposed during the incident include:

  • Full names
  • Dates of birth
  • Social security numbers
  • Health insurance details
  • Medical histories, diagnoses and medication

In a statement, SDCA said no malicious use attempts related to the leak have been detected: “We are not aware that our patients’ information was used for malicious purposes as a result of the attack,” the company said. However, cybersecurity specialists say that personal records and medical records could pose an electronic fraud and phishing risk for patients at the clinic.

As a security measure, SDCA has sent its customers an email with information related to the incident, including information to protect their data and an offer to subscribe to a credit monitoring and fraud prevention service. The company also enabled a call center and FAQ section on its website to address its patients’ concerns.

Although the company and the cybersecurity firm in charge of the investigation continue to monitor hacking forums and other platforms on the dark web, so far no data breaches related to this incident have been detected, although an eventual massive leak is not ruled out.  

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.