Coastal Cardiology Notice
Maintaining the privacy and security of our patient’s information is of the utmost importance to Ascension. On August 15, 2022, we were alerted to a security event involving recently acquired Ascension St. Vincent’s Coastal Cardiology’s legacy systems including the electronic medical record. We immediately secured the legacy network, but unfortunately not before some of the information was encrypted by ransomware. No Ascension networks or systems, including the practice’s current electronic medical record, were affected by this incident.
Upon discovery of this incident we took immediate actions to investigate. We hired a third-party forensic team to assist us with investigating how the perpetrators gained access to encrypt the information. Additionally, we notified law enforcement about the event and will continue to cooperate with them. Our investigation determined that an unauthorized third-party accessed systems within the legacy Coastal Cardiology network. The primary purpose of the legacy network was to retain data, including patient information, to meet regulatory requirements but it was not used for current business operations. At this time, based on our investigation, we do not believe that any information was removed from the systems affected by this event or that it has been misused or shared by the perpetrators.
Unfortunately, because the information was encrypted and we are unable to access it, we are unable to determine exactly what information was affected. However, the legacy record would have contained individuals’ demographic and health information related to visits at Coastal Cardiology prior to October 5, 2021,including: name, address, email address, phone number, and insurance information, as well as Social Security number (if provided), clinical information, and billing and insurance information.
Although there is no indication that the information has been misused, we are offering free credit and identity theft protection services to affected individuals. We advised individuals on steps they can take to protect their information, including obtaining free credit reports, placing a security freeze on credit reports, and contacting appropriate oversight agencies. Ascension has also taken steps to ensure a similar incident does not happen again by initiating a security risk assessment, realigning staff responsibilities, removing access rights to the legacy system and retraining associates.
If you have additional questions, please contact the dedicated assistance line toll free at (855) 532-1247, Monday through Friday from 8:00 a.m. to 5:30 p.m. Central Time, excluding U.S. Holidays.