Ascension St. Vincent’s Coastal Cardiology Announces Data Breach Stemming from Recent Ransomware Attack

Console and Associates, P.C.
Contact

On October 14, 2022, Ascension St. Vincent’s Coastal Cardiology filed an official notice of a data breach with the U.S. Department of Health and Human Services Office for Civil Rights after the company experienced a ransomware attack targeting a legacy computer system. According to St. Vincent’s Coastal Cardiology, the breach resulted in patients’ names, Social Security numbers, addresses, email addresses, phone numbers, insurance information, clinical information, and billing and insurance information being compromised. Recently, St. Vincent’s Coastal Cardiology sent out data breach letters to all affected parties, informing them of the incident and what they can do to protect themselves from identity theft and other frauds.

The Ascension St. Vincent’s Coastal Cardiology affected the protected health information of past patients who obtained care at Coastal Cardiology prior to the date that it was acquired by Ascension. As we’ve discussed in prior posts, these healthcare data breaches pose significant risks to patients. Thus, it is imperative that anyone who receives a data breach letter from Ascension St. Vincent’s Coastal Cardiology understands what is at stake and what they can do to limit the risks of identity theft and fraud.

What We Know About the Ascension St. Vincent’s Coastal Cardiology Data Breach

The available information regarding the Ascension St. Vincent’s Coastal Cardiology breach comes from the company’s filing with the U.S. Department of Health and Human Services Office for Civil Rights as well as a notice posted on the practice group’s website. According to these sources, on August 15, 2022, Ascension was alerted to a data security incident involving legacy systems related to the recently acquired practice.

In response, the company secured the legacy network and began working with a cybersecurity firm to assist with the company’s investigation. Ascension also reported the incident to law enforcement. However, Ascension’s efforts failed to prevent unauthorized parties from accessing data contained within the system. Notably, none of Ascension’s current computer systems were among those that were compromised. However, because the legacy system was encrypted, Ascension was unable to conclusively determine what data was affected by the breach.

Upon discovering that sensitive consumer data was made available to an unauthorized party, Ascension St. Vincent’s Coastal Cardiology determined that the following patient information may have been contained on the legacy system: names, Social Security numbers, addresses, email addresses, phone numbers, insurance information, clinical information, and billing and insurance information.

On October 14, 2022, Ascension St. Vincent’s Coastal Cardiology sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Console and Associates, P.C. | Attorney Advertising

Written by:

Console and Associates, P.C.
Contact
more
less

Console and Associates, P.C. on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide