Alabama Cardiovascular Group reports data breach exposing client data
Learn More
The Alabama Cardiovascular Group (ACG), a medical practice based in Birmingham, Alabama, is reporting a data breach that occurred over nearly a month, impacting sensitive information of patients, employees, and associated physicians. The breach was first detected on July 2, 2024, but the investigation revealed that unauthorized access to the company's network began on June 6, 2024.
The company has taken steps to mitigate the breach, including disconnecting its network from the Internet, implementing enhanced security protocols and has reported the incident to law enforcement.
During the breach, a wide range of personal and medical data may have been compromised, including:
- Names
- Addresses
- Email addresses
- Phone numbers
- Demographic information
- Social Security numbers
- Health insurance information
- Usernames and passwords
- Medical information (e.g., dates of service, diagnoses, medications, images, lab results, treatment details)
- Driver’s license or passport numbers
- Credit card or debit card information
- Bank account information
No details are disclosed about the nature of the attack or the number of affected individuals.
Update - ACG reports that 280,534 individuals were affected.
ACG has expressed regret for the incident and its potential impact on patients and other affected individuals. They began notifying those affected through letters. To assist those impacted, ACG is offering 24 months of free identity theft protection services through Experian IdentityWorks SM.
