On June 12, 2023, Commonwealth Health Physician Network - Cardiology (“Great Valley Cardiology”) filed a notice of data breach with the U.S. Department of Health and Human Services Office for Civil Rights (“HHS-OCR”) after learning that an unauthorized party was able to access confidential patient information in its possession. Based on the company’s official filing, the incident resulted in an unauthorized party gaining access to patients’ names, addresses, Social Security numbers, driver's license and passport numbers, credit or debit card numbers, bank account numbers, and protected health information. After confirming that consumer data was leaked, Great Valley Cardiology began sending out data breach notification letters to all individuals who were impacted by the recent data security incident.

If you received a data breach notification from Great Valley Cardiology, it is essential you understand what is at risk and what you can do about it. Healthcare data breaches are becoming increasingly popular; however, that shouldn’t cause you to let your guard down. Each year, countless patients fall victim to healthcare data breaches, and many end up suffering the life-altering effects of identity theft. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the Great Valley Cardiology data breach, please see our recent piece on the topic here.

What We Know So Far About the Great Valley Cardiology Breach

News of the Great Valley Cardiology data breach is still fresh; however, what we know at this point comes from the company’s filing with the HHS-OCR. Great Valley Cardiology also spoke with a reporter from The Times-Tribune, providing additional details about the incident. According to these sources, on April 13, 2023, Great Valley Cardiology was informed of a potential data security issue by the U.S. Department of Homeland Security. In response, Great Valley Cardiology disconnected its network, notified law enforcement, and then launched an investigation into the incident.

The Great Valley Cardiology investigation confirmed that the secure file transfer software used by the company suffered from a vulnerability allowing an unauthorized party to access Great Valley Cardiology patients’ confidential information. The software, called GoAnywhere, was developed and maintained by Fortra, LLC.

Upon discovering that sensitive consumer data was made available to an unauthorized party, Great Valley Cardiology began to review the affected files to determine what information was compromised and which consumers were impacted. While the breached information varies depending on the individual, it may include your name, address, demographic information, Social Security number, driver's license and passport number, credit card or debit card number, bank account number, as well as your health insurance, claims and medical information.

On June 12, 2023, Great Valley Cardiology sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.

More Information About Commonwealth Health Physician Network - Cardiology

Commonwealth Health Physician Network - Cardiology is a division of Community Health Services, which operates a number of hospitals and healthcare practices across the United States. Great Valley Cardiology, located in Scranton, Pennsylvania, is one of the practices owned and operated by Community Health Services. Great Valley Cardiology employs more than 25 people and generates approximately $5 million in annual revenue. Community Health Services employs over 90,000 people and brings in over $12 billion in revenue each year.