Birmingham-based Alabama Cardiovascular Group filed a report with HHS confirming that 280,000 individuals were impacted by a data breach, TechTarget reported Aug. 20.
The breach was initially discovered July 2, when ACG became aware that unauthorized parties had accessed the center's computer network. The following investigation revealed that between the unauthorized parties maintained access to the data for nearly a month between June 6 and July 2.
Compromised information included addresses, contact information, Social Security numbers, health insurance information, usernames, passwords, medical data, driver's license numbers, passport numbers, and bank account and other financial information from current and past patients, physicians, staff and guarantors at ACG.
ACG engaged law enforcement and temporarily disconnected the ACG network from the Internet to reset user passwords. They are offering 24 months of identity theft protection services to anyone impacted by the breach.