The breach is estimated to impact over 200,000 clients.
What happened
Recently, Alabama Cardiovascular Group (ACG), a Birmingham-based practice providing clinical, preventative, diagnostic, and interventional cardiovascular care, faced a data breach. The organization, which operates six locations in and around Birmingham, released an online notice to alert potential victims.
The company said they experienced a security incident between June 6th, 2024, and July 2nd, 2024. On July 2nd, ACG became aware that an unauthorized party had accessed their network.
The organization said, “If you are a current or past patient of a physician at ACG, or a current or guarantor, employee, or physician at ACG, your personal information may have been affected.”
Going deeper
According to the Department of Health and Human Services (HHS) Office for Civil Rights (OCR), 280,534 individuals were impacted by the violation.
ACG said the data impacted varied from person to person, but may have included names, addresses, emails, phone numbers, Social Security numbers, health insurance information, medical information, driver’s license or passport information, credit or debit card information, and other demographic information.
Upon discovering the unauthorized access, ACG said they quickly “disconnected the ACG computer network from the internet and cut off the unauthorized access.”
To prevent the incident from reoccurring, “ACG reset user passwords and implemented additional security measures.”
ACG is offering complimentary credit monitoring and identity theft protection to impact individuals.
“We are committed to protecting personal information and sincerely regret any issues this incident may cause,” their letter to impacted individuals read.
Why it matters
Data breaches like these are becoming increasingly common. Even though the ACG describes its group as “relatively small” the data breach still impacted over 200,000 individuals.
Unfortunately, with increased breaches, it’s likely for criminals to combine stolen data on individuals, giving them a more complete profile that can be used for fraud or identity theft. According to a report from the Motley Fool, identity theft has been on a steady rise. In the first half of 2024, 552,000 cases of identity theft were reported to the Federal Trade Commission (FTC). In comparison, in 2019, 650,000 cases were reported throughout the entire year. Motley Fool said many of these cases can be directly linked to data breaches and other cybersecurity incidents.
The big picture
With more Americans prone to data breaches, many are trying to gain restitution and improve cybersecurity practices through class action lawsuits, which have also increased in recent years. Already, several firms are investigating the incident at ACG.
While ACG has not released information on how the breach occurred, the incident should be a reminder for every healthcare organization, no matter how big or small, to prioritize data security.
Related: HIPAA Compliant Email: The Definitive Guide.
Abby Grifno
