South Denver Cardiology Associates Announces Data Breach Affecting 287,000 Patients

South Denver Cardiology Associates (SDCA) has recently stated that it encountered a cyberattack last January 2022 that resulted in the access and potential theft of files comprising patient information by attackers.

Unusual network activity was discovered on January 4, 2022, and SDCA immediately initiated its breach response process. Systems were cut off from the network and de-activated, with the investigation confirming that hackers got access to specific systems between January 2, 2022 and January 5, 2022.

At that time, the hackers accessed some files kept on its systems, a number of which included patients’ personal data and protected health information (PHI). A thorough assessment of those files revealed they comprised patient names together with one or more of these types of data: birth dates, drivers’ license numbers, patient account numbers, Social Security numbers, medical insurance data, and clinical information including physician names, types and dates of service, and diagnoses.

SDCA stated the contents of medical documents were unaffected, the patient website wasn’t breached, and the investigation didn’t find any evidence of attempted or actual misuse of patient details; nonetheless, as a safety measure, affected people received offers of complimentary access to credit monitoring and identity theft protection services.

SDCA has submitted the breach report to the HHS’ Office for Civil Rights as impacting around 287,652 persons.

Approximately 80,000 Patients Impacted by Memorial Village ER Cyberattack

Memorial Village ER based in Houston TX, has lately begun sending notifications to 80,000 patients that a number of their PHI was located on a server that the hackers accessed on February 18, 2022.

Memorial Village ER mentioned the server was made secure with HIPAA-compliant security measures, but the security defenses were compromised by an unidentified entity who possibly viewed and/or acquired files on the server. A detailed analysis was performed to know the types of records on the server, which proved the breach was limited to names, dates of birth, addresses, and COVID-19 test findings. Affected persons were informed on March 9, 2022, less than one month after the discovery of the breach.

Social Security numbers, financial details, and insurance data were not exposed; nevertheless, as a safety precaution, impacted people were provided a free one-year membership to IdentityWorks identity theft protection service by Experian.

Memorial Village ER mentioned it has now upgraded its cybersecurity platform to avoid other security breaches later on.


About Christine Garcia 1304 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at