CardioVascular Health Clinic Data Breach Exposes Patients' Health Info

Between February 18, 2025 and March 4, 2025, Oklahoma's CardioVascular Health Clinic (CHC) experienced a data breach. The incident began when an unauthorized individual accessed certain information stored on CHC’s network through a security incident involving their cloud services provider.

The breach was discovered after a network disruption on March 4, 2025, prompting an investigation with the assistance of third-party cybersecurity specialists.

While the exact number of affected individuals has not been disclosed at this time, the scope of the breach is extensive. The information potentially exposed includes a wide range of both personally identifiable information (PII) and protected health information (PHI).

PII that may have been accessed includes name, address, phone number, email address, date of birth, Social Security Number, driver’s license or state ID number, and financial account information. PHI potentially involved consists of treatment and diagnosis details, prescription information, provider name, medical record or case number, Medicare or Medicaid ID number, health insurance information, and treatment cost.

The breach is considered severe due to the sensitive nature of the data involved and the method of unauthorized access through a third-party cloud provider. This type of incident can increase risks of identity theft, financial fraud, and misuse of medical information.

For more information and to review the official notice, visit the Notice of Data Incident on the CardioVascular Health Clinic website.

CardioVascular Health Clinic's response

Upon discovering the breach, CardioVascular Health Clinic took immediate action by launching an investigation and engaging cybersecurity experts to assess the impact. The clinic also notified law enforcement and began reviewing internal policies and procedures to strengthen their security posture. Written notification is being provided to individuals for whom they have addresses, ensuring that affected patients are directly informed.

To support those impacted, CHC is offering access to credit monitoring and identity protection services at no cost. If you believe you may be affected or wish to enroll in these services, you can call 877-648-0819, Monday through Friday, 8:00 a.m. to 8:00 p.m. Central Time (excluding major U.S. holidays). Additionally, you may write to CHC at 3200 Quail Springs Parkway, Suite 200, Oklahoma City, OK 73134.

Given the sensitive nature of the information exposed, it is important to remain vigilant. CHC encourages all potentially affected individuals to:

• Regularly review credit reports, account statements, and explanation of benefits forms for suspicious activity or errors.
• Take advantage of your right to obtain a free credit report annually from each of the three major credit bureaus by visiting AnnualCreditReport.com.
• Consider placing a fraud alert or a credit freeze on your credit file at no cost. Contact TransUnion (1-800-680-7289, transunion.com), Experian (1-888-397-3742, experian.com), or Equifax (1-888-298-0045, equifax.com).
• Educate yourself about identity theft and fraud prevention by visiting the Federal Trade Commission’s identity theft website.

If you detect any suspicious activity or believe your information has been misused, promptly contact law enforcement, your state Attorney General, and the FTC.

To learn more about the clinic, visit the CardioVascular Health Clinic website.