DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Cardiovascular Consultants (CVC Heart) allegedly hit by ransomware (1)

Posted on November 6, 2023 by Dissent

Cardiovascular Consultants LTD (CVC Heart) in Arizona may or may not have been the victim of a ransomware attack, but they have not responded to inquiries about that. So far, all we have are unsubstantiated claims by a ransomware group and an alleged data archive download that doesn’t download.

On October 25, Cardiovascular Consultants LTD (CVC Heart) was added to Qilin’s dark web leak site. The listing does not provide much information but claims, “You can download all personal data of clients and employees of this company below.” The link to what purports to be a compressed file 205.93 GB in size does not work, however. Perhaps it is there simply as a warning to pressure CVC Heart to pay them. Qilin did not respond to a site visitor who asked them about the non-working download and were not logged in to their Jabber account when DataBreaches attempted to find them there on a few occasions.

On November 3, DataBreaches sent Cardiovascular Consultants an inquiry via their website. No reply was received. On November 4, DataBreaches reached out to the Privacy Officer contact information linked from their site. No reply has been received from them, either.

At this point, then, Qilin’s claims are unconfirmed.

In May 2023, Group IB wrote a report on Qilin’s Ransomware-as-a-Service (Raas) program. According to their report, Qilin uses Rust-based ransomware in a double-extortion model, i.e., encrypting files and exfiltrating data. Sectrio also provides details on Qilin in their July 2023 report.

DataBreaches will update this post if more information becomes available.


Update: On December 1, Cardiovascular Consultants reported the incident to HHS as affecting 484,000. On December 4, they added a notice to their homepage, saying, “Cardiovascular Consultants Ltd. (CVC) experienced a cybersecurity incident on September 29, 2023. Regrettably, that incident affected information in our computer systems related to current and former patients and other persons involved in their care, such as account guarantors and insurance subscribers. Click here for additional information and steps you should take if you believe your information may have been involved.”

That notice indicates that the attack occurred on or before September 27 and that the attacker(s) accessed certain systems, encrypted information, and stole some CVC information:

The personal information on our computer systems may have included information that we maintain about our patients, such as name, mailing address, date of birth, and other demographic and contact information, including emergency contact information, Social Security number, driver’s license and state ID numbers, insurance policy and guarantor information, diagnosis and treatment information, and other information from medical or billing records. Our systems also contained information regarding account guarantors including name, mailing address, telephone number, date of birth, and email address. Our systems further contained information regarding insurance policy holder/subscribers including name, mailing address, telephone number, date of birth, insurance policy information, such as group or policy number, and, in some cases, Social Security number.

CVC’s notice makes no mention of any ransom demand or their response to any such demand. Nor do they mention any leak site or threat of leaking the data.

As of December 14, 2023, Qlin threat actors have still not provided a working data download that they claim to provide on their leak site.

 

Related posts:

  • What is WikiLeaksV2 doing with a ransomware gang? Spoiler alert: It’s not extortion.
Category: Breach IncidentsHealth DataInsider

Post navigation

← Data of 171,871 Deer Oaks Behavioral Health clients and employees dumped by ransomware group
Mulkay Cardiology Consultants notifies almost 80,000 of ransomware attack →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Integrated Oncology Network victim of phishing attack; multiple locations affected (2)
  • HHS’ Office for Civil Rights Settles HIPAA Privacy and Security Rule Investigation with Deer Oaks Behavioral Health for $225k and a Corrective Action Plan
  • HB1127 Explained: North Dakota’s New InfoSec Requirements for Financial Corporations
  • Credit reports among personal data of 190,000 breached, put for sale on Dark Web; IT vendor fined
  • Five youths arrested on suspicion of phishing
  • Russia Jailed Hacker Who Worked for Ukrainian Intelligence to Launch Cyberattacks on Critical Infrastructure
  • Kentfield Hospital victim of cyberattack by World Leaks, patient data involved
  • India’s Max Financial says hacker accessed customer data from its insurance unit
  • Brazil’s central bank service provider hacked, $140M stolen
  • Iranian and Pro-Regime Cyberattacks Against Americans (2011-Present)

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • On July 7, Gemini AI will access your WhatsApp and more. Learn how to disable it on Android.
  • German court awards Facebook user €5,000 for data protection violations
  • Record-Breaking $1.55M CCPA Settlement Against Health Information Website Publisher
  • Ninth Circuit Reviews Website Tracking Class Actions and the Reach of California’s Privacy Law
  • US healthcare offshoring: Navigating patient data privacy laws and regulations
  • Data breach reveals Catwatchful ‘stalkerware’ is spying on thousands of phones
  • Google Trackers: What You Can Actually Escape And What You Can’t

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.