The Center for Vein Restoration Medical Clinic (CVR), based in Maryland, USA, collided with a large data breach, affecting hundreds of thousands of people. Attackers stole highly confidential information, including laboratory tests and medical insurance data.
The incident took place in early October, when suspicious activity in the systems was detected on October 6. The US Ministry of Health and Social Services informed CVR that over 445 thousand individuals had fallen victim to the breach.
CVR, self-proclaimed as the largest vein treatment center in the United States, operates over 110 branches nationwide. The clinic is privately owned by the investment company Cortec Group.
The compromised data included patients’ names, addresses, dates of birth, social security numbers, licenses, medical records, diagnoses, test results, treatment and insurance information, as well as financial data. Furthermore, employees’ contracts were also exposed to attackers during the breach.
The leak poses a significant threat due to the active use of medical data in the dark web. Such information enables fraudsters to engage in medical scams, such as fraudulent insurance claims or obtaining prescription drugs illegitimately.
Moreover, the data could be utilized for targeted phishing attacks or even blackmail. This is especially concerning for the leakage of mental health information, as it could potentially be used as a tool for coercion against the victims.
CVR has implemented additional security measures to safeguard its systems. It is advisable for individuals affected by the breach to meticulously review their medical documents and remain vigilant.