On February 3, 2023, Cardiovascular Associates (“CVA”) filed a notice of data breach with the Attorney General of California after the company learned that certain systems within its network were subject to unauthorized access. Based on the company’s official filing, the incident resulted in an unauthorized party gaining access to consumers’ names, Social Security numbers, dates of birth, medical and treatment information, billing and claims information, financial account information, and credit/debit card information. After confirming that consumer data was leaked, Cardiovascular Associates began sending out data breach notification letters to all individuals who were impacted by the recent data security incident.

If you recently received care through a Cardiovascular Associates provider, you probably didn’t think twice before giving medical staff all the information they asked for. Some of this undoubtedly included information that you would usually safeguard. Of course, because these doctors are renowned healthcare providers, you trusted Cardiovascular Associates. However, in the wake of the Cardiovascular Associates data breach, many patients are raising questions about the organization’s commitment to patient privacy. As we’ve discussed in prior posts, healthcare providers have a duty to protect the patient information in their possession, and, if a provider negligently leaks this sensitive information, they may be liable through a data breach lawsuit.

What We Know So Far About the Cardiovascular Associates Breach

The available information regarding the Cardiovascular Associates breach comes from the company’s filing with the Attorney General of California as well as notice posted on the CVA website. According to these sources, on December 5, 2022, CVA learned that some of its computer systems may have been subject to unauthorized access. In response, CVA restricted access to its network and began working with a forensics firm to investigate the incident and determine what, if any, patient information was leaked as a result of the incident.

Upon discovering that sensitive consumer data was made available to an unauthorized party, Cardiovascular Associates began to review the affected files to determine what information was compromised and which consumers were impacted. While the breached information varies depending on the individual, it may include your full name, date of birth, and address, Social Security number, health insurance information, medical and treatment information, billing and claims information, passport and driver’s license number, credit and debit card information, and financial account information.

On February 3, 2023, Cardiovascular Associates sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.

More Information About Cardiovascular Associates

Cardiovascular Associates is a healthcare practice based in Birmingham, Alabama. The practice provides heart and vascular care services, advanced cardiac imaging, preventative cardiology, and interventional cardiology. Cardiovascular Associates is affiliated with Brookwood Baptist Health, a large-scale provider of healthcare services across Alabama. Cardiovascular Associates operates 11 locations across Alabama. Cardiovascular Associates employs more than 129 people and generates approximately $20 million in annual revenue. Brookwood Baptist Health employs more than 4,300 people and generates approximately $1.2 billion in annual revenue.