CVA reports data security breach involving some patient information
Cardiovascular Associates (CVA) has started informing patients of a data security incident which may have affected some people's personal information. CVA, which has multiple locations in and around Birmingham, released a statement Friday to address the breach which happened near the end of November of last year.
"CVA is committed to protecting the privacy and security of personal information that it receives and sincerely regrets any inconvenience this incident may cause," the practice said in the statement. "CVA has established a dedicated assistance line for individuals seeking additional information regarding this incident."
The group said it discovered the breach on Dec. 5, 2022 when unauthorized activity was noticed on certain systems within CVA's network. In response to that discovery, steps were taken to restrict the unauthorized access and an investigation was launched with a nation forensic firm assisting.
SEE ALSO: Coosa Valley Medical Center on statewide financial shortage for hospitals
SEE ALSO: Hospitals seek COVID relief funds to avoid closure
In the course of the investigation, CVA said it determined an unauthorized third party was able to access certain systems that contained personal information and remove a copy of some data from the network between Nov. 28 and Dec. 5.
CVA said some personal information was involved with the breach and included a list of some things which may have been copied.
- Demographic information to identify and contact the patient, such as full name, date of birth, and address
- Social Security number
- Health insurance information, such as name of insurer/government payor and member ID, policy and/or group number
- Medical and treatment information, such as medical record number, dates of service, provider and facility names, other visit, procedure and diagnosis information, and possibly assessments, tests and imaging
- Billing and claims information, such as account and/or claim status, billing and diagnostic codes, and payor information
- Passport and driver’s license number
- Credit and debit card information
- Financial account information
CVA noted a limited number of individuals also may have had their username and password exposed.
CVA takes the security of personal information seriously. As soon as the incident was discovered, a forensic investigation was launched, and steps were taken to mitigate and remediate the incident and to help prevent further unauthorized activity. In response to this incident, security and monitoring capabilities are being enhanced and systems are being hardened as appropriate to minimize the risk of any similar incident in the future.
CVA said affected patients are being notified. The group said it has arranged to offer complimentary credit monitoring and identity restoration services to those whose Social Security number, credit card/debit card or financial account information, passport or driver’s license number may have been involved.
For the next 90 days, individuals who have questions about this matter or would like additional information can call toll-free 1-833-753-3802 during 8 a.m. to 8 p.m. Monday through Friday.
