Cardiology Associates Breach Exposes Sensitive PII & PHI

Cardiology Associates of Mobile, Inc., practicing in Alabama and Mississippi, experienced a significant data breach in late 2024. On October 22, 2024, the company detected unauthorized activity on its computer network.

A third party attempted to infiltrate their systems, potentially exposing sensitive personal information. Upon discovery, the company acted swiftly to secure its network and launched an investigation with the help of independent IT security and forensic experts.

The breach was officially disclosed to various state attorney general offices, including Maine on December 5, 2024, Massachusetts on January 10, 2025, and Texas on January 13, 2025. According to the reports, a total of 1,514 individuals across the United States were affected by this incident. Among them, 502 were residents of Texas, 37 were in Massachusetts, and 1 was in Maine.

The types of consumer information exposed in this breach include:

• Names
• Addresses
• Social Security numbers
• Medical records
• Health insurance information
• Dates of birth
• Driver’s license numbers
• Passport numbers

While Cardiology Associates has not found evidence that this information has been misused or publicly released, the exposure of such sensitive data raises concerns about the potential for identity theft and fraud.

For more details, you can view the disclosure on the Maine Attorney General's website, the Massachusetts Attorney General's website, and the Texas Attorney General's website.

Cardiology Associates of Mobiles Response

Following the detection of the breach, Cardiology Associates took immediate action to secure its systems and prevent further unauthorized access. The company engaged external cybersecurity experts to conduct a thorough investigation and implemented additional safeguards to enhance the security of its network. These measures include reviewing and improving internal policies and procedures related to information security and lifecycle management.

To support affected individuals, Cardiology Associates is offering 12 months of complimentary credit monitoring services through Cyberscout, a TransUnion company. These services include credit monitoring, fraud assistance, and access to a single-bureau credit report. Affected individuals have been notified via U.S. Mail and can enroll in these services using the unique code provided in their notification letter.

For additional resources, visit IdentityTheft.gov for guidance on recovering from identity theft.