
Cyber Incident Victim: National Cardiovascular Partners

Date: Apr 2020

Location: United States of America

Summary

An unauthorized actor gained access to a National Cardiovascular Partners employee email account, compromising data for approximately 78,000 patients. The unauthorized access continued for nearly a month before discovery, exposing names, contact details, and other sensitive information that varied by individual, with evidence suggesting the attack aimed to commit financial fraud. Following containment, impacted individuals were offered a year of identity theft resolution services. The organization enhanced email security protocols and reinforced employee training to mitigate future risks. This incident aligns with broader healthcare sector challenges, as highlighted by contemporaneous reports of rampant email-based threats like phishing and ransomware targeting vulnerable systems.


Description

National Cardiovascular Partners (NCP) discovered unauthorized access to an employee email account on May 19, 2020, following a breach that began nearly a month earlier on April 27. The attacker maintained access to the compromised account for approximately three weeks before detection. Upon identifying the intrusion, NCP immediately secured the affected account and terminated the unauthorized access. An investigation conducted with assistance from an external cybersecurity forensics firm confirmed the account contained protected health information of 78,070 patients. The exposed data included patient names, contact information, and various other sensitive details that differed across individuals. NCP officials assessed that the primary motive behind the attack appeared to be financial fraud targeting the organization itself rather than direct exploitation of patient data. The breach notification submitted to California Attorney General Xavier Becerra confirmed these details while emphasizing there was no evidence of actual misuse of patient information at the time of disclosure.


The forensic investigation revealed the compromised email account served as the sole point of entry for the attacker, with no evidence suggesting broader network infiltration or additional compromised systems. As a precautionary measure, NCP notified all 78,070 affected patients and offered them one year of complimentary identity detection and theft resolution services. In response to the incident, NCP implemented enhanced security protocols specifically designed to strengthen email system protections against future compromises. The organization also conducted supplemental email security training for employees to reinforce cybersecurity awareness. This incident occurred amidst a documented surge in email-based threats targeting healthcare organizations, including phishing campaigns and ransomware attacks. The breach notification highlighted the persistent risks associated with email vulnerabilities in healthcare environments, particularly given industry reports indicating widespread deficiencies in email security training programs across hospital systems.
