South Denver Cardiology Associates (SDCA) recently disclosed that it began the new year with a data security breach that they first detected on January 4.
Initiating their incident response plan, their investigation determined that an unauthorized person accessed their network between January 2, 2022 and January 5, 2022. During that time, certain files stored on the system were accessed. Those files contained protected health information of patients such as names, dates of birth, Social Security numbers and/or drivers’ license numbers, patient account numbers, health insurance information, and clinical information, such as physician names, dates, and types of service, and diagnoses.
In a notice on their website, the practice notes that there was no impact to the contents of patient medical records and no unauthorized access to the patient portal.
According to the notice, there was no indication at this time of any misuse of the information, but patients were notified of the incident and offered monitoring and identity restoration services through IDX. A total of 287,652 patients were notified.
The notice did not explain whether the files were from current patients or current and former patients.
Nothing in the notice or the companion IDX FAQ mentions whether there was any encryption of files and/or any ransom demand. An inquiry sent to IDX seeking clarification on those questions did not receive any reply by publication time.
Updated March 16: DataBreaches.net received a phone call in response to the inquiry sent. At the present time, they are still investigating the breach and the spokesperson did not feel comfortable answering any questions as to whether there had been a ransom demand or anything related to such questions. Although they did not answer that question, this blogger gives them credit for the fact that they are personally calling everyone who contacted them and sent inquiries to them.