Data breach at chain of clinics impacts 450K patients

Chad Van Alstin | | Health Exec | Cybersecurity

The largest physician-led vein center in the U.S. announced it has suffered a data breach, which resulted in hackers stealing personal data on 446,094 patients.

The Center for Vein Restoration (CVR) announced the breach last week, though the incident was first noticed on Oct. 6. In a statement, the nationwide medical chain said both medical information and personal details on patients were taken in the attack.

Data taken includes names, addresses, dates of birth, Social Security numbers, driver’s license numbers, medical record numbers, diagnoses, lab results, medications, treatment information, health insurance details, provider names, dates of treatment and financial information. 

Patients from all over the U.S. have been affected. Additionally, current and former employees had their data leaked to hackers, CVR added.

CVR confirmed the unauthorized third party had access to its files but stopped short of saying they were moved off site. To date, there are no reports of the data trove being posted for sale on the dark web.

However, the notice from CVR does not provide many details. Details on the nature of the attack, scope of the breach and how cybercriminals gained access to protected systems are still unknown.

HealthExec has reached out for comment.

CVR is asking affected patients, all of whom it said have now been notified, to monitor their financial statements and medical bills for accuracy. They have offered the legally required identity theft protection services as recompense for the breach.

Internally, CVR said it hired a cyber forensics firm to investigate the breach. Additionally, it claims to have “implemented, and will continue to adopt, additional safeguards and technical security measures to further protect and monitor our systems.”

CVR operates 110 clinics in 21 states and Washington, D.C.

Related Articles on Cybersecurity:

Nebraska becomes first state to sue Change Healthcare over data breach
Christmas ransomware exposed over 300K patient records to dark web
Cryo-frozen tissue manufacturer suffers cyberattack
Study reveals shocking list of the most common corporate passwords
Healthcare hacker sentenced to 10 years in prison
Chad Van Alstin Health Imaging Health Exec
Chad Van Alstin

Chad is an award-winning writer and editor with over 15 years of experience working in media. He has a decade-long professional background in healthcare, working as a writer and in public relations.

Related Content

Data trove of 1.6M patient records discovered online
DOD contractor hit with $11M fine for health data mismanagement
FDA warns of cybersecurity vulnerabilities in patient monitors
Academic health system agrees to $8M settlement following data breach
Number of Americans impacted by Change Healthcare breach nears 200M
Report: 84% of healthcare organizations identified a data breach last year

Around the web

Cardiovascular Business
FDA announces new recall of Johnson & Johnson heart pumps over safety concerns

No devices need to be returned at this time. However, the FDA warned, using these heart pumps without reviewing the updated instructions could result in "serious injury or death.” 

Cardiovascular Business
HeartBeam raising $10M for FDA-cleared health tech with public offering

The FDA recently cleared the company's cable-free, credit card-sized heart monitor that produces 12-lead ECGs.

Radiology Business
Mexico, not China, is biggest tariff concern among radiology vendors

If 25% tariffs go into effect, it could have a big impact on the cost of medical imaging and radiotherapy systems, with many manufacturing facilities in Mexico.