Cyber Incident Victim: South Denver Cardiology Associates

Date: Jan 2022

Location: United States of America

Summary

A healthcare provider experienced a cybersecurity breach resulting in unauthorized access to sensitive patient information, including names, birth dates, driver's license numbers, and Social Security numbers, though medical records remained secure. The incident affected over 287,000 individuals after attackers infiltrated systems during a multi-day period, with the organization detecting the intrusion shortly thereafter and initiating patient notifications weeks later. Exfiltrated data encompassed various personal identifiers, but the breach did not involve ransomware confirmation or compromise clinical treatment documentation.

Description

South Denver Cardiology Associates identified a cybersecurity incident on January 4, 2022, following unauthorized access to certain network systems between January 2 and January 5, 2022. The attackers exfiltrated data belonging to over 287,000 patients during this three-day period. Compromised information included names, dates of birth, driver’s license numbers, Social Security numbers, and other personal identifiers, though medical records remained unaffected according to the organization’s assessment. The breach was discovered during routine security monitoring, prompting an immediate internal investigation to determine the scope of unauthorized activity. No evidence suggested that clinical systems or treatment databases were accessed or altered. The company initiated patient notification procedures the week preceding February 1, 2022, distributing individualized letters to affected parties.

The incident exposed sensitive personally identifiable information (PII), creating risks of identity theft and financial fraud for impacted individuals. South Denver Cardiology did not publicly confirm whether ransomware or extortion tactics were employed in the attack. While the company’s statement emphasized that medical care systems remained secure, it did not disclose technical details regarding the compromised systems or specific intrusion vectors. No evidence indicated operational disruptions to clinical services during or after the breach. The organization’s response included securing affected systems and conducting a forensic review, though no additional remediation measures—such as credit monitoring services—were explicitly outlined in available disclosures. Regulatory notifications were filed in accordance with federal health data breach reporting requirements.
