DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Cardiovascular Consultants (CVC Heart) allegedly hit by ransomware (1)

Posted on November 6, 2023 by Dissent

Cardiovascular Consultants LTD (CVC Heart) in Arizona may or may not have been the victim of a ransomware attack, but they have not responded to inquiries about that. So far, all we have are unsubstantiated claims by a ransomware group and an alleged data archive download that doesn’t download.

On October 25, Cardiovascular Consultants LTD (CVC Heart) was added to Qilin’s dark web leak site. The listing does not provide much information but claims, “You can download all personal data of clients and employees of this company below.” The link to what purports to be a compressed file 205.93 GB in size does not work, however. Perhaps it is there simply as a warning to pressure CVC Heart to pay them. Qilin did not respond to a site visitor who asked them about the non-working download and were not logged in to their Jabber account when DataBreaches attempted to find them there on a few occasions.

On November 3, DataBreaches sent Cardiovascular Consultants an inquiry via their website. No reply was received. On November 4, DataBreaches reached out to the Privacy Officer contact information linked from their site. No reply has been received from them, either.

At this point, then, Qilin’s claims are unconfirmed.

In May 2023, Group IB wrote a report on Qilin’s Ransomware-as-a-Service (Raas) program. According to their report, Qilin uses Rust-based ransomware in a double-extortion model, i.e., encrypting files and exfiltrating data. Sectrio also provides details on Qilin in their July 2023 report.

DataBreaches will update this post if more information becomes available.


Update: On December 1, Cardiovascular Consultants reported the incident to HHS as affecting 484,000. On December 4, they added a notice to their homepage, saying, “Cardiovascular Consultants Ltd. (CVC) experienced a cybersecurity incident on September 29, 2023. Regrettably, that incident affected information in our computer systems related to current and former patients and other persons involved in their care, such as account guarantors and insurance subscribers. Click here for additional information and steps you should take if you believe your information may have been involved.”

That notice indicates that the attack occurred on or before September 27 and that the attacker(s) accessed certain systems, encrypted information, and stole some CVC information:

The personal information on our computer systems may have included information that we maintain about our patients, such as name, mailing address, date of birth, and other demographic and contact information, including emergency contact information, Social Security number, driver’s license and state ID numbers, insurance policy and guarantor information, diagnosis and treatment information, and other information from medical or billing records. Our systems also contained information regarding account guarantors including name, mailing address, telephone number, date of birth, and email address. Our systems further contained information regarding insurance policy holder/subscribers including name, mailing address, telephone number, date of birth, insurance policy information, such as group or policy number, and, in some cases, Social Security number.

CVC’s notice makes no mention of any ransom demand or their response to any such demand. Nor do they mention any leak site or threat of leaking the data.

As of December 14, 2023, Qlin threat actors have still not provided a working data download that they claim to provide on their leak site.

 

Category: Breach IncidentsHealth DataInsider

Post navigation

← Data of 171,871 Deer Oaks Behavioral Health clients and employees dumped by ransomware group
Mulkay Cardiology Consultants notifies almost 80,000 of ransomware attack →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Almost one year later, U.S. Dermatology Partners is still not being very transparent about their 2024 breach
  • Oklahoma Expands its Security Breach Notification Law
  • Ransomware group Gunra claims to have exfiltrated 450 million patient records from American Hospital Dubai.
  • North Shore University Sleep Disorders Center employee charged with secretly recording patients in restrooms
  • When ransomware listings create confusion as to who the victim was
  • Rajkot civic body’s GIS website hit by cyber attack, over 400 GB data feared stolen
  • Taiwan’s BitoPro hit by NT$345 million cryptocurrency hack
  • Texas gastroenterology and surgical practice victim of ransomware attack
  • Romanian Citizen Pleads Guilty to ‘Swatting’ Numerous Members of Congress, Churches, and Former U.S. President
  • North Dakota Enacts Financial Data Security and Data Breach Notification Requirements

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Florida ban on kids using social media likely unconstitutional, judge rules
  • State Data Minimization Laws Spark Compliance Uncertainty
  • Supreme Court Agrees to Clarify Emergency Situations Where Police Don’t Need Warrant
  • Stewart Baker vs. Orin Kerr on “The Digital Fourth Amendment”
  • Fears Grow Over ICE’s Reach Into Schools
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • She Got an Abortion. So A Texas Cop Used 83,000 Cameras to Track Her Down.

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.