DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Cardiovascular Consultants (CVC Heart) allegedly hit by ransomware (1)

Posted on November 6, 2023 by Dissent

Cardiovascular Consultants LTD (CVC Heart) in Arizona may or may not have been the victim of a ransomware attack, but they have not responded to inquiries about that. So far, all we have are unsubstantiated claims by a ransomware group and an alleged data archive download that doesn’t download.

On October 25, Cardiovascular Consultants LTD (CVC Heart) was added to Qilin’s dark web leak site. The listing does not provide much information but claims, “You can download all personal data of clients and employees of this company below.” The link to what purports to be a compressed file 205.93 GB in size does not work, however. Perhaps it is there simply as a warning to pressure CVC Heart to pay them. Qilin did not respond to a site visitor who asked them about the non-working download and were not logged in to their Jabber account when DataBreaches attempted to find them there on a few occasions.

On November 3, DataBreaches sent Cardiovascular Consultants an inquiry via their website. No reply was received. On November 4, DataBreaches reached out to the Privacy Officer contact information linked from their site. No reply has been received from them, either.

At this point, then, Qilin’s claims are unconfirmed.

In May 2023, Group IB wrote a report on Qilin’s Ransomware-as-a-Service (Raas) program. According to their report, Qilin uses Rust-based ransomware in a double-extortion model, i.e., encrypting files and exfiltrating data. Sectrio also provides details on Qilin in their July 2023 report.

DataBreaches will update this post if more information becomes available.


Update: On December 1, Cardiovascular Consultants reported the incident to HHS as affecting 484,000. On December 4, they added a notice to their homepage, saying, “Cardiovascular Consultants Ltd. (CVC) experienced a cybersecurity incident on September 29, 2023. Regrettably, that incident affected information in our computer systems related to current and former patients and other persons involved in their care, such as account guarantors and insurance subscribers. Click here for additional information and steps you should take if you believe your information may have been involved.”

That notice indicates that the attack occurred on or before September 27 and that the attacker(s) accessed certain systems, encrypted information, and stole some CVC information:

The personal information on our computer systems may have included information that we maintain about our patients, such as name, mailing address, date of birth, and other demographic and contact information, including emergency contact information, Social Security number, driver’s license and state ID numbers, insurance policy and guarantor information, diagnosis and treatment information, and other information from medical or billing records. Our systems also contained information regarding account guarantors including name, mailing address, telephone number, date of birth, and email address. Our systems further contained information regarding insurance policy holder/subscribers including name, mailing address, telephone number, date of birth, insurance policy information, such as group or policy number, and, in some cases, Social Security number.

CVC’s notice makes no mention of any ransom demand or their response to any such demand. Nor do they mention any leak site or threat of leaking the data.

As of December 14, 2023, Qlin threat actors have still not provided a working data download that they claim to provide on their leak site.

 

Related posts:

  • What is WikiLeaksV2 doing with a ransomware gang? Spoiler alert: It’s not extortion.
Category: Breach IncidentsHealth DataInsider

Post navigation

← Data of 171,871 Deer Oaks Behavioral Health clients and employees dumped by ransomware group
Mulkay Cardiology Consultants notifies almost 80,000 of ransomware attack →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • ShinyHunters and team members arrested in France (1)
  • Texas Enacts Liability Shield From Punitive Damages for Certain Small Businesses That Adopt Cybersecurity Programs
  • Dublin ETB fined €125,000 for data protection breaches
  • From $5,000 to $800,000: Days Apart, OCR Security Settlements Show Puzzling Math
  • Liberty Township in Ohio has recovered its network after a ransomware attack
  • Marquette County Medical Care Facility discloses data breach
  • Industry Letter – June 23, 2025: Impact to Financial Sector of Ongoing Global Conflicts
  • MNGI Digestive Health settles class action lawsuit stemming from BlackCat attack
  • Four REvil ransomware members released after time served on carding charges
  • Why Dumping Sensitive Data on Network Shares is a Liability

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • How Internet of Things devices affect your privacy – even when they’re not yours
  • Sky Views Personal Data as a Potential Weapon in IPTV Piracy War
  • Florida Used a Nationwide Surveillance Camera Network 250 Times To Aid in Immigration Arrests
  • Federal Court Strikes Down HIPAA Reproductive Health Care Privacy Rule
  • The Markup caught 4 more states sharing personal health data with Big Tech
  • Privacy in the Big Sky State: Montana’s Consumer Privacy Law Gets Amended
  • UK Passes Data Use and Access Regulation Bill

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.