A cyber attack on South Denver Cardiology Associates (SDCA) may have exposed the protected healthcare information (PHI) of thousands of cardiac patients.
The healthcare provider issued a notice to its patients, disclosing that its network had been breached in January 2022.
The perpetrator(s) are as yet unknown, gaining access to files containing information on 287,652 patients during the attack.
SDCA said: “On January 4 2022, we identified unusual activity within our computer network. We immediately initiated our incident response process, which included taking steps to secure the network and shutting off select computer systems.
“We also began an investigation with the assistance of a computer forensic firm and notified law enforcement.”
According to investigators, the files accessed in the attack contained patient information, potentially including patients’ names, dates of birth, Social Security numbers and/or drivers’ license numbers, patient account numbers, health insurance information and clinical information, such as physician names, dates and types of service and diagnoses.
James McQuiggan, a security awareness advocate at KnowBe4, commented: “Healthcare organizations are a prime target for criminal groups because of sensitive personal data kept in their systems.”