Data breach at chain of clinics impacts 450K patients

Chad Van Alstin | | Health Exec | Cybersecurity

The largest physician-led vein center in the U.S. announced it has suffered a data breach, which resulted in hackers stealing personal data on 446,094 patients.

The Center for Vein Restoration (CVR) announced the breach last week, though the incident was first noticed on Oct. 6. In a statement, the nationwide medical chain said both medical information and personal details on patients were taken in the attack.

Data taken includes names, addresses, dates of birth, Social Security numbers, driver’s license numbers, medical record numbers, diagnoses, lab results, medications, treatment information, health insurance details, provider names, dates of treatment and financial information. 

Patients from all over the U.S. have been affected. Additionally, current and former employees had their data leaked to hackers, CVR added.

CVR confirmed the unauthorized third party had access to its files but stopped short of saying they were moved off site. To date, there are no reports of the data trove being posted for sale on the dark web.

However, the notice from CVR does not provide many details. Details on the nature of the attack, scope of the breach and how cybercriminals gained access to protected systems are still unknown.

HealthExec has reached out for comment.

CVR is asking affected patients, all of whom it said have now been notified, to monitor their financial statements and medical bills for accuracy. They have offered the legally required identity theft protection services as recompense for the breach.

Internally, CVR said it hired a cyber forensics firm to investigate the breach. Additionally, it claims to have “implemented, and will continue to adopt, additional safeguards and technical security measures to further protect and monitor our systems.”

CVR operates 110 clinics in 21 states and Washington, D.C.

Related Articles on Cybersecurity:

Nebraska becomes first state to sue Change Healthcare over data breach
Christmas ransomware exposed over 300K patient records to dark web
Cryo-frozen tissue manufacturer suffers cyberattack
Study reveals shocking list of the most common corporate passwords
Healthcare hacker sentenced to 10 years in prison
Chad Van Alstin Health Imaging Health Exec
Chad Van Alstin

Chad is an award-winning writer and editor with over 15 years of experience working in media. He has a decade-long professional background in healthcare, working as a writer and in public relations.

Related Content

Ransom demanded, emergency care diverted as Kettering Health reels from cyberattack
Cyberattack on nonprofit health system triggers scam calls to patients
Epic sued over alleged 'scheme to destroy' managed care company
Amazon One Medical employees viewed health data of man in wrongful death case
Independent provider group hit by cyberattack, delays patient care
Blue Shield’s advertising integration exposes data on 4.7M members to Google

Around the web

Radiology Business
Society of Interventional Radiology seeks AMA resolution urging payments on high-cost disposables

"The number of non-facility services reimbursed at less than direct costs grew 50% since 2024. The number of services under the MPFS for which reimbursement does not even cover cost likely is much higher than 300 services," the proposed AMA resolution states.

Cardiovascular Business
FDA wants new heart damage warnings added to COVID-19 vaccines

COVID-19 vaccines are associated with a very low risk of myocarditis and/or pericarditis, primarily in young adults. The long-term impact of this risk has been the subject of many studies and debates over the years. One side says that the benefits of vaccination far outweigh the risks, and the other side says that even the smallest risk of heart damage is too high.

Cardiovascular Business
Cardiology employment models undergoing a dramatic shift

Gerald G. Blackwell, MD, MBA, MedAxiom's president and CEO, examined how different cardiology employment models look today compared to even a decade ago.