Unauthorized parties accessed the personal data of all current and former patients and staff at Birmingham-based Alabama Cardiovascular Group.
On July 2, ACG became aware that unauthorized parties had breached the center's computer network, according to a news release. An investigation into the incident revealed that unauthorized parties were able to access personal identifying information of current and former patients, physicians, staff and guarantors at ACG.
Compromised information included addresses, contact information, Social Security numbers, health insurance information, usernames and passwords, medical data, driver's license and passport numbers and bank account other financial information.
ACG is offering its patients and employees 24 months of free identity theft protection in response to the breach and has implemented additional security measures. The incident was also reported to law enforcement.