445,000 Patients Impacted: Center for Vein Restoration Discloses Data Breach

The Center for Vein Restoration (CVR), a Maryland-based medical clinic in the United States, has suffered a significant data breach affecting hundreds of thousands of individuals. Cybercriminals accessed highly sensitive information, including laboratory results and medical insurance details.

The incident occurred in early October. According to a statement on the clinic’s website, suspicious activity within its systems was detected on October 6. Later, CVR reported to the U.S. Department of Health and Human Services that over 445,000 individuals were impacted by the breach.

CVR, which describes itself as the largest vein treatment center in the United States, operates more than 110 branches nationwide. The clinic is owned by the private equity firm Cortec Group.

The breach exposed patients’ names, addresses, dates of birth, Social Security numbers, driver’s license details, medical records, diagnoses, test results, treatment information, insurance details, and financial data. Additionally, clinic employees were affected, with attackers gaining access to their employment contracts.

The exposure of medical data poses a particularly grave risk, as such information is highly sought after on the dark web. These details enable fraudsters to commit healthcare fraud, such as filing fraudulent insurance claims or obtaining prescription medications illegally.

Moreover, the stolen data could be used for targeted phishing attacks or even blackmail. This is especially concerning for the leaked information regarding mental health, which could be exploited as a tool for coercion.

CVR stated that it has implemented enhanced security measures to safeguard its systems. Those affected by the breach are advised to carefully monitor their medical records and remain vigilant.