Practice Areas
Cardiovascular Associates (CVA) Data Breach Attorneys in Alabama
Pittman, Dutton, Hellums, Bradley & Mann, P.C. is a Birmingham, Alabama-based law firm experienced in data breach and consumer class action cases. We are investigating claims on behalf of victims of a healthcare data breach involving Cardiovascular Associates (“CVA”). CVA is a medical group of over 20 cardiologists headquartered in Birmingham, Alabama, who have eleven offices throughout Alabama.
On February 3, 2023, CVA began sending Notice of Data Breach letters to current and former patients whose personal identifiable information (“PII”) and protected health information (“PHI”) were accessed and taken by an unauthorized third party.
If you received a Notice of Data Breach letter from CVA, please contact our office at (205) 322-8880 as soon as possible to discuss your potential legal rights and remedies.
What Information Was Accessed?
This data breach is significant because the unauthorized third party (hackers) accessed computer systems containing patients’ sensitive, personal data and removed a copy of some of the data including:
- Personal Identifiable Information (“PII”) such as full name, date of birth, address, Social Security number, drivers license number, and passport number
- Protected Health Information (“PHI”) such as medical and treatment information (medical record numbers, dates of service, provider and facility names, diagnosis information), in addition to billing and claims information (such as account and/or claim status, billing and diagnostic codes, and payer information)
- Financial and Billing Information such as credit and debit card information, financial account information, and health insurance information
When Did the Data Breach Occur?
The unauthorized actors gained access to CVA’s systems sometime between November 28, 2022, and December 5, 2022, when CVA discovered the breach. CVA then notified the Attorney Generals of California and Massachusetts of the incident and posted a notice on the CVA website on February 3, 2023.
What Caused the Cardiovascular Associates Data Breach?
According to CVA, in its report to the Attorney Generals of California and Massachusetts, sometime between November 28, 2022, and December 5, 2022, an unauthorized third party gained access to certain systems that contained personal information and exfiltrated (or removed a copy of) some data from CVA’s networks.
What Information Was Impacted in the Data Breach?
According to news reports of the incident, Information stored on the affected servers included:
- Full name
- Mailing address
- Date of birth
- Social Security numbers
- Driver’s license numbers
- Passport numbers
- Medical and treatment information
- Billing and financial Information
- Health insurance claims information and health insurance policy numbers
How Many People Are Impacted by the Data Breach?
CVA has not yet reported how many current and former patients’ information were impacted by the data breach. But CVA did disclose that 163 Massachusetts residents were affected.
It is believed that tens of thousands, if not hundreds of thousands of individuals have been impacted by this security incident given the large size of CVA’s practice.
How Can I Tell If My Data Was Stolen?
There are several steps you can take to check if your data was affected:
- Be on the lookout for updates: Check your mail to see if you received the letter mentioned above or are provided any updates/additional information.
- Watch out for phishing attempts: Be wary of scammers claiming to be from CVA asking you to provide information or click on a link. If in doubt, contact the company or consult with a lawyer.
Monitor your account activity: Check suspicious charges on your financial accounts or statements, monitor your credit reports for any unauthorized financial accounts, and be on the lookout for any mail you receive related to accounts that are not yours. Scammers and identity theft perpetrators often test with smaller charges before charging large bills.
What Should I Do if I Received Notification of the CVA Data Breach? How Do I Pursue Legal Recourse?
From our experience, we anticipate speaking with current and former CVA patients who are now victims of identity theft and financial fraud due to no fault of their own. Each patient is at an increased risk of identity theft and must spend time establishing safeguards and monitoring their credit profiles and financial accounts. It’s not an easy process and we’re happy to provide tips to anyone who needs help or they can call and receive a free confidential consultation.
If you would like to have a free, confidential consultation with an attorney to learn more about your rights and potential legal remedies in responding to the Cardiovascular Associates data breach, please call or text Pittman, Dutton, Hellums, Bradley & Mann, P.C. attorneys Jon Mann or Austin Whitten at (205) 322-8880, or email us at jonm@pittmandutton.com or austinw@pittmandutton.com, or submit a Case Evaluation request through our contact page.
