Great Valley Cardiology

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

Great Valley Cardiology, located in Scranton, PA, experienced a significant data breach affecting 181,764 current and former patients. The breach was first discovered on April 13, 2023, after unauthorized access to the organization’s systems began on February 2, 2023. The cyberattack led to the potential compromise of a wide range of personal and health information, including names, birth dates, Social Security numbers, driver’s license and passport numbers, bank account and credit/debit card information, diagnoses, medications, lab test results, and health insurance/claims information[1].

The breach was part of a series of cyberattacks targeting Northeast Pennsylvania medical providers. The U.S. Department of Homeland Security notified Great Valley Cardiology of the breach, which was attributed to a successful brute force attack. Following the discovery, Great Valley Cardiology took immediate steps to secure its systems and initiated a forensic investigation to determine the extent of the breach and the information compromised[1][7].

In response to the breach, Great Valley Cardiology has offered affected individuals complimentary credit monitoring and identity theft protection services for 24 months. Despite these measures, there have been no indications of misuse of patient data as a result of the security breach[1].

The incident has led to legal action against Great Valley Cardiology. A class-action lawsuit was filed, seeking damages for negligence, breach of fiduciary duty, breach of contract, and unjust enrichment. The lawsuit highlights the delay in notifying affected individuals, which potentially prevented them from taking timely action to protect their information. One plaintiff reported that her private information was found on the dark web, underscoring the ongoing risk of identity theft and fraudulent charges that affected individuals may face[6].

Great Valley Cardiology’s data breach underscores the growing threat of cyberattacks on healthcare providers and the critical importance of robust cybersecurity measures to protect sensitive patient information.

Citations:

  1. https://www.hipaajournal.com/great-valley-cardiology-181700-data-breach/
  2. https://today.westlaw.com/Document/Id6f3039732d411ee8921fbef1a541940/View/FullText.html?contextData=%28sc.Default%29&transitionType=CategoryPageItem
  3. https://www.turkestrauss.com/2023/06/16/great-valley-cardiology-data-breach-investigation/
  4. https://www.jdsupra.com/legalnews/great-valley-cardiology-files-notice-of-6227914/
  5. https://www.mass.gov/doc/assigned-data-breach-number-29979-great-valley-cardiology-additional-information/download
  6. https://www.beckershospitalreview.com/cardiology/patients-sue-after-pennsylvania-cardiology-group-data-breach.html
  7. https://www.beckersasc.com/cardiology/hackers-obtain-private-data-from-181-764-patients-at-pennsylvania-cardiology-group.html
  8. https://www.classaction.org/news/great-valley-cardiology-responsible-for-2023-data-breach-class-action-says
  9. https://news.yahoo.com/records-more-181-000-patients-000400881.html
  10. https://www.msdlegal.com/blog/2023/06/great-valley-cardiology-data-breach-class-action-lawsuit-investigation/
  11. https://www.beckershospitalreview.com/cardiology/181-000-patients-affected-after-hackers-breach-pennsylvania-cardiology-group.html
Breach Submission Date Jun 12, 2023
Converted Entity Name Great Valley Cardiology
Converted Entity Type Healthcare Provider
State PA
Individuals Affected 181,764
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes