Cyber Incident Victim: Lubbock Cardiology Clinic

Date: Dec 2013

Location: United States of America

Summary

Unauthorized access to Lubbock Cardiology Clinic's electronic health record system compromised over 1,400 medical records containing sensitive personal information including names, contact details, and Social Security numbers. The breach prompted an ongoing investigation and public notification directing potentially affected individuals to contact a dedicated phone number for further information while efforts to recover the data continued.

Description

Between December 15, 2013, and January 30, 2014, unauthorized individuals gained access to the Electronic Health Record (EHR) system utilized by Lubbock Cardiology Clinic (LCC), a Texas-based medical provider. This intrusion compromised the protected health information of more than 1,400 patients. The breached records contained sensitive personal identifiers, including full names, residential addresses, telephone numbers, and Social Security numbers. The attackers maintained persistent access to the EHR for approximately six weeks, though the specific methods of infiltration or exploitation were not publicly disclosed in available reports. The clinic discovered the breach following an unspecified detection process, prompting immediate internal review. The compromised data posed significant risks of identity theft, financial fraud, and medical privacy violations due to the inclusion of highly sensitive Social Security numbers alongside detailed patient demographics.

Lubbock Cardiology Clinic initiated an investigation upon identifying the breach, though the scope and findings of this inquiry remained undisclosed as of April 2014. The organization posted an official notification on its digital platforms to inform potential victims, directing concerned individuals to contact a dedicated telephone line for confirmation of their involvement in the incident. Public statements emphasized active efforts to recover the compromised information, with a clinic representative asserting, “We are vigorously seeking answers and recovery of this information, and I am confident that we will be successful.” No evidence suggested ransomware deployment, data encryption, or destruction of records during the intrusion. The breach exposed systemic vulnerabilities in the clinic’s electronic record-keeping infrastructure but yielded no confirmed reports of fraudulent misuse of patient data at the time of public disclosure.
