Central New York Cardiology Data Breach Exposes PHI & PII

Published
February 28, 2025
Updated
August 8, 2025
Central New York Cardiology Data Breach Exposes PHI & PII
Central New York Cardiology
Types of INFORMATION affected
  • Names
    Names
  • Social security numbers
    Social Security Numbers
  • Dates of birth
    Dates of Birth
  • Addresses
    Addresses
  • Government IDs
    Government IDs
  • Medical Information
    Medical Info
  • Financial Info
    Financial Info

Affected by the

Central New York Cardiology

data breach?

Join the Lawsuit

It's free to join. 

Banner advertisement for ExpressVPN to take control of your online security

Claim Depot may receieve a commission from links on this page

On Dec. 26, 2024, Central New York Cardiology detected unusual activity on its network, prompting an immediate investigation with the help of third-party cybersecurity specialists. The investigation revealed that an unauthorized individual gained access to certain parts of the company’s network between Dec. 26 and Dec. 30, 2024. During this period, sensitive information was acquired by the intruder.

The breach was significant in scope, as it potentially exposed a wide range of both personally identifiable information (PII) and protected health information (PHI). The information at risk included names, addresses, dates of birth, Social Security numbers, driver’s license numbers, diagnosis or condition details, health insurance information, provider names, treatment information and financial account information. For some individuals, multiple data elements may have been involved.

Central New York Cardiology’s investigation into the full extent of the breach is ongoing. As of July 29, 2025, the company has confirmed that at least 21 Massachusetts residents were affected, with additional individuals impacted in other states.

The company has posted a detailed notice for patients and the public on its website. Additional details about the breach are available in the Massachusetts Attorney General’s disclosure, the Vermont Attorney General’s disclosure and the U.S. Department of Health and Human Services breach portal.

Central New York Cardiology's response

For those affected, the company is offering complimentary credit monitoring and identity protection services for up to twenty-four months. Impacted individuals have been or will be contacted directly with instructions on how to enroll in these services. The company encourages everyone who may have been affected to remain vigilant by regularly reviewing account statements, credit reports and explanation of benefits forms for any unauthorized or suspicious activity.

Affected individuals are advised to:

  • Enroll in the free credit monitoring and identity protection services provided by Central New York Cardiology
  • Obtain a free credit report annually from each of the three major credit bureaus at www.annualcreditreport.com
  • Consider placing a fraud alert or credit freeze on their credit files
  • Report any suspicious activity to financial institutions, law enforcement and the Federal Trade Commission

A dedicated assistance line is available at 877-423-1434, Monday through Friday from 9 a.m. to 9 p.m. Eastern time, for anyone with questions or concerns regarding the breach.

Protect Your Data

A breach notice means your personal details could be circulating far beyond the organization involved. One practical step is continuous monitoring: services such as Identity Defender (included with an ExpressVPN subscription) can automatically check dark-web markets, flag new credit-file activity, and request removal of your information from data-broker sites.

This kind of “early-warning system” can’t undo a breach, but it can help you spot misuse quickly and limit further exposure. ExpressVPN is offering 61% off, risk-free for 30 days, with ID Theft Insurance included and no extra cost for those who sign up for one or two years.

Notice Letter

This browser does not support inline PDFs. Please download the PDF to view it: Download PDF

Consumers Notification date
Date of Breach
Breach Discovered Date
Total People Affected
500
Information Types Exposed
  • Medical Records
  • Social Security number
  • Date of birth
  • First and last name
  • Medical condition or treatment information
  • Medical diagnosis
  • Medical record numbers
  • Name
  • Nan
  • Social security numbers
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image