Center for Vein Restoration Data Breach Affects 448,891 Americans

On October 6, 2024, Center for Vein Restoration (CVR) discovered unusual activity within its information technology environment when an unauthorized party had gained access to files containing sensitive personal and medical information.

The breach impacted a total of 448,891 individuals across the United States including 3,182 residents of Texas and 83 of Maine. The exposed information included a wide range of sensitive data, which could potentially lead to identity theft or fraud.

The following types of information were compromised:

• Name
• Address
• Date of birth
• Social Security Number
• Driver’s license number
• Medical record number
• Diagnosis
• Lab results
• Medications
• Treatment information
• Health insurance information
• Provider names
• Dates of treatment
• Financial information

The breach was first reported to the Maine Attorney General's Office on December 13, 2024. Affected individuals were notified via written communication on December 12, 2024.

CVR's response

In response to the data breach, Center for Vein Restoration took steps to secure its systems and prevent further unauthorized access. The company engaged law enforcement and a third-party forensic firm to assist with the investigation.

Additionally, CVR implemented enhanced safeguards and technical security measures to strengthen its IT infrastructure.

To support affected individuals, CVR is offering 12 months of complimentary identity theft protection services through TransUnion. These services include single-bureau credit monitoring, access to credit reports and credit scores, and proactive fraud assistance.

Affected individuals can enroll in these services by visiting https://bfs.cyberscout.com/activate and using the unique code provided in their notification letter.

Steps affected individuals should take

If you believe you were impacted by this data breach, it is crucial to take the following steps to protect your personal and financial information:

1. Enroll in credit monitoring services: Take advantage of the free credit monitoring services offered by CVR. Visit https://bfs.cyberscout.com/activate and enroll within 90 days of receiving your notification letter.
2. Monitor your financial accounts: Regularly review your bank statements, credit card transactions, and health insurance statements for any unauthorized activity. Report any suspicious charges or claims immediately.
3. Check your credit reports: Under federal law, you are entitled to one free credit report annually from each of the three major credit bureaus. Visit AnnualCreditReport.com to request your reports and look for any inaccuracies or unfamiliar accounts.
4. Place a fraud alert or security freeze on your credit file: A fraud alert notifies creditors to verify your identity before opening new accounts in your name. You can place a fraud alert with one of the three major credit bureaus (Equifax, Experian, or TransUnion), and it will automatically notify the others. Alternatively, you can place a security freeze on your credit file to prevent new accounts from being opened without your explicit permission.
5. Stay vigilant: Be cautious of phishing attempts or scams. Avoid clicking on suspicious links or providing personal information to unknown sources.
6. Report identity theft: If you suspect that your information has been misused, file a report with the Federal Trade Commission (FTC) at IdentityTheft.gov and notify your local law enforcement agency.