Skip to content

400k patients affected by Center for Vein Restoration data breach

  • by
  • 3 min read

The Center for Vein Restoration is notifying 446,000 individuals that their personal, financial, and medical information was compromised in a data breach on October 6. The cyberattack involved unauthorised access to files containing information about employees at the healthcare facility and its patients currently receiving treatment.

According to the notice detailing the incident, leaked information includes address, date of birth, Social Security number, driver’s license number, medical record number, diagnosis, lab results, medications, treatment information, health insurance information, provider names, dates of treatment, and financial information. Information regarding individuals employed at the facility was also accessed, but the notice doesn’t detail exactly what kind of information the attackers accessed.

After the attack, a third-party cybersecurity firm was brought in to help with the investigation. The facility has since adopted “additional safeguards and technical security measures to further protect and monitor” its systems. It also offers identity theft protection services through TransUnion to all 446,095 individuals affected by the attack.

Illustration: JMiks | Shutterstock
Illustration: JMiks | Shutterstock

No information on the nature of the attack was shared in the notice, nor does any major cybercrime or ransomware gang has claimed responsibility for the attack yet. Candid.Technology also didn’t find any data that might originate from the breach for sale on popular dark web hacking forums where cybercriminals usually share their exploits and sell data for crypto.

Due to its fast-paced nature, the healthcare industry has become an easy target for cybercriminals. Hospitals and clinics can’t handle the extended outages and infrastructure shutdowns that cybercrimes like ransomware attacks bring with them. Hospitals are also a treasure trove of data, including medical records and sensitive information like full names, numbers, email and physical addresses, and more about thousands of individuals. Hospitals are also not as well protected as major corporations, and ransomware gangs have used this to their advantage.

Artivion, a manufacturer of devices used in heart surgeries, recently disclosed a cybersecurity incident that resembles a ransomware attack. Another popular healthcare facility, Anna Jacques Hospital, has also recently revealed the extent of a ransomware attack it suffered in December 2023, which affected 316,342 victims with the stolen information, including demographic information, medical information, health insurance information, Social Security number, driver’s license number, financial information, and other personal or health information.

In the News: Families sue Character AI over teen self-harm and adult chats

Yadullah Abidi

Yadullah Abidi

Yadullah is a Computer Science graduate who writes/edits/shoots/codes all things cybersecurity, gaming, and tech hardware. When he's not, he streams himself racing virtual cars. He's been writing and reporting on tech and cybersecurity with websites like Candid.Technology and MakeUseOf since 2018. You can contact him here: yadullahabidi@pm.me.

>