On December 6, 2023, Cardiovascular Consultants Ltd. (“CVC”) filed a notice with the Securities and Exchange Commission disclosing a recent cyberattack and subsequent data breach. In this notice, Cardiovascular Consultants explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information. However, Cardiovascular Consultants is still investigating the extent of the breach and hasn’t yet indicated what data types were affected. Upon completing its investigation, Cardiovascular Consultants will begin sending out data breach notification letters to all individuals whose information was affected by the recent data security incident.
If you receive a data breach notification from Cardiovascular Consultants Ltd., it is essential you understand what is at risk and what you can do about it. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options following the Cardiovascular Consultants data breach. For more information, please see our recent piece on the topic here.
What Caused the Cardiovascular Consultants Data Breach?
The Cardiovascular Consultants data breach was only recently announced, and more information is expected in the near future. However, CVC’s filing with the Securities and Exchange Commission provides some important information on what led up to the breach. There have also been several news reports providing an analysis of the incident.
According to these sources, on September 29, 2023, Cardiovascular Consultants was notified that a threat actor claimed to have breached its computer systems and stolen data. In response, CVC secured its network and launched an investigation with the help of third-party cybersecurity specialists.
The Cardiovascular Consultants investigation confirmed that portions of its network were encrypted by the hackers and that the hackers were able to acquire sensitive data stored on its system.
After learning that sensitive consumer data was accessible to an unauthorized party, Cardiovascular Consultants reviewed the compromised files to determine what information was leaked and which consumers were impacted. Based on the company’s SEC filing, it appears that CVC is still in the process of reviewing the affected data. However, CVC notes that the “incident may have affected approximately 500,000 patients, former patients, guarantors and 200 staff.”
On December 6, 2023, Cardiovascular Consultants filed its notice with the SEC. In this notice, CVC indicates that it has enlisted the help of a consumer credit reporting agency to assist with notifying patients. When CVC sends out the data breach letters, they provide victims with a list of what information belonging to them was compromised.
More Information About Cardiovascular Consultants Ltd.
Founded in 1986, Cardiovascular Consultants Ltd. is a healthcare provider based in Phoenix, Arizona. CVC is a subsidiary of Fresenius Medical Care AG, a large healthcare network headquartered in Waltham, Massachusetts. CVC operates 10 locations in and around Phoenix. Cardiovascular Consultants employs more than 144 people and generates approximately $9 million in annual revenue. Fresenius Medical Care, CVC’s parent company, employs more than 70,000 people and generates over $14 billion in revenue each year.
