Notice of Data Incident
August 2, 2024
On May 30, 2024, Heart South Cardiovascular Group (“Heart South”) experienced a cybersecurity incident. We immediately began an investigation, which included working with third-party specialists to determine the nature and scope of the incident. The investigation determined that certain information stored on our network was accessed by an unauthorized party between May 29, 2024 and May 30, 2024. While the review of the impacted information is still ongoing, the investigation has determined the information at risk may contain first and last name together with one or more of the following: address, date of birth, driver’s license number, Social Security number, diagnosis/condition, lab results, medications, and/or other treatment information. We are currently obtaining address information for potentially impacted individuals and will be providing written notice to individuals for whom we have addresses.
In response to this incident, we implemented additional security measures to further minimize the risk of a similar incident occurring in the future. We also notified law enforcement and are reviewing our policies and procedures related to data protection. We have no reason to believe any information has been misused as a result of this incident. However, we are providing individuals access to credit monitoring and identity protection services as an added precaution. If you have questions about this incident or would like to enroll in the credit monitoring and identity protection services, please call (888) 774-0744 between the hours of 8:00 a.m. to 8:00 p.m. Central Time, Monday through Friday, excluding holidays. You may also write to us at 1022 1st Street N. #500, Alabaster, AL 35007.
In general, we encourage individuals to remain vigilant in regularly reviewing and monitoring all account statements, explanation of benefits statements, and credit history to guard against any unauthorized transactions or activity. Under U.S. law, individuals are entitled to one free credit report annually from each of the three major credit reporting bureaus, TransUnion, Experian, and Equifax. To order your free credit report, visit www.annualcreditreport.com or call 1-877-322-8228.
Individuals have the right to place an initial or extended fraud alert on a credit file at no cost. If individuals are a victim of identity theft, they are entitled to an extended fraud alert lasting seven years. As an alternative to a fraud alert, they have the right to place a credit freeze on a credit report. The credit freeze is designed to prevent credit, loans, and services from being approved without consent. Pursuant to federal law, individuals cannot be charged to place or lift a credit freeze on your credit report.
Should you wish to place a fraud alert or credit freeze, please contact the three major credit reporting bureaus listed below:
TransUnion
1-800-680-7289
www.transunion.com
Experian
1-888-397-3742
www.experian.com
Equifax
1-888-298-0045
www.equifax.com
You can further educate yourself regarding identity theft, fraud alerts, credit freezes and the steps you can take to protect your personal information by contacting the credit reporting bureaus, the Federal Trade Commission (FTC), or your state Attorney General. The FTC also encourages those who discover that their information has been misused to file a complaint with them. The FTC may be reached at 600 Pennsylvania Ave. NW, Washington, D.C. 20580; www.identitytheft.gov; 1-877-ID-THEFT (1-877-438-4338); and TTY: 1-866-653-4261. Instances of known or suspected identity theft should also be reported to law enforcement, your state Attorney General, and the FTC.
