Heart South Cardiovascular Group suffered a major breach in November

Alabama-based Heart South Cardiovascular Group said the personal information of more than 46,000 patients was compromised after the Rhysida ransomware group said it stole patient data from the provider’s network.

 

In a data breach incident notice filed with the office of the Attorney General of Maine on Monday, Heart South Cardiovascular Group said it has begun notifying affected patients after discovering that cyber criminals had gained unauthorised access to its network and stolen confidential patient data.

 

Based in Alabaster, Alabama, Heart South Cardiovascular Group provides cardiac testing and preventive treatment services as well as treatment for other medical conditions such as venous insufficiency, or vein disease, peripheral vascular disease, chronic thrombosis and May-Thurner syndrome.

 

The healthcare provider said that on 11th November, it learned that an unauthorised third party was in possession of its data and launched a forensic investigation, with help from external cyber security professionals, to determine the scale of the breach and the nature of the compromised information.

 

The investigation did not find evidence of unauthorised access to the provider’s network or data theft, but found that the threat actor had posted a portion of the company’s data on the dark web. Based on this information, Heart South Cardiovascular Group carried out further investigation to determine the number of patients whose data was stored in the locations from which the posted data resided in its network.

 

The cardiac care provider told the Attorney General’s office on Monday that the security incident compromised the information of as many as 46,666 patients. To protect patient’s identities and personal information, it is now offering complimentary credit monitoring and identity theft restoration services through Kroll to all affected patients.

 

On 10th November, the Rhysida ransomware group claimed the cyber attack on Heart South’s network, but not much information is available about how much data was stolen from the provider’s network, how much ransom was claimed, or the ransom payment deadline given to Heart South. According to a screenshot 

of the group’s post on the dark web, Rhysida was willing to sell the stolen data for 6 Bitcoins, or £320,000. It is unclear whether the stolen repository was sold or handed off to other malicious actors.