Birmingham-based Alabama Cardiovascular Group has notified patients about a nearly month-long data breach.
The company, which operates six locations in and around Birmingham, said “unauthorized parties” gained access to personal information through the company network.
“If you are a current or past patient of a physician at ACG, or a current or past guarantor, employee, or physician at ACG, your personal information may have been affected,” the company stated in a notice posted on its website.
“ACG is committed to protecting the privacy of our patients and personal information and sincerely regrets any issues this incident may cause,” the company said in a statement.
According to the company, it became aware of the breach on July 2. An investigation determined it began on June 6. The company did not say who may have had access during that time.
Data possibly involved the breach included names, addresses, email addresses, phone numbers, demographic information, social security numbers, health insurance information, usernames and passwords, and medical information including dates of service, diagnoses, medications, images, lab results, and other treatment information.
The personal information may also have included driver’s license or passport numbers, credit card or debit card information, and bank account information if it had been provided to the group.
The company said once workers learned about the breach, it notified law enforcement, disconnected its network from the Internet and added several new security procedures.
The group has been notifying those possibly affected by letter. It is offering 24 free months of Experian IdentityWorks SM protection. Additional information can be found here.
