Heart South Cardiovascular Group 2025 Data Breach
ObscureIQ Breach Intelligence
High SeverityWebsite / service breach
Heart South Cardiovascular Group Cardiology Breach (2025): Patient SSN & DOB Exposed
Cardiology practice providing heart and vascular care.
Verified by ObscureIQ Intelligence
79/100Breach Risk Index
22Data Value
60Market Recency
98dSince Breach
Breach Intelligence Summary
Entity: Heart South Cardiovascular Group · Actor: Rhysida · Sources: 2 references
Attack: Unknown
Profile: Healthcare provider · Cardiovascular care services · Specialty clinic network · USA
Timeline: Breach (2025-11-21) · Indexed (Jan 19, 2026) · Year (2025)
Exposure: 48K records · 5 fields: Date of Birth, Email Address, Full Name, Phone Number, Social Security Number
Status: Reported
Executive Summary
Heart South Cardiovascular Group, a cardiology practice in Central Alabama, learned on November 11, 2025 that an unauthorised third party claimed to possess data from its network. A forensic investigation conducted with external cybersecurity specialists found that data had been uploaded to the dark web. The practice formally identified the affected records on February 12, 2026 and began notifying affected individuals on April 6, 2026. The Rhysida ransomware group has been associated with the incident.\n\nThe breach affected approximately 47,000 individuals according to the Maine Attorney General notification. Compromised fields included names, email addresses, phone numbers, dates of birth, and Social Security numbers, alongside cardiovascular treatment information including diagnoses, procedures, medications, and health insurance details. This is the second public breach at Heart South: a separate May 2024 incident affected approximately 20,577 individuals and was resolved in 2025 through a $500,000 class-action settlement.\n\nFor affected patients, the practical risk profile combines identity-fraud exposure with cardiovascular care-specific risks. The combination of name, date of birth, and Social Security number is a strong base for synthetic identity fraud and fraudulent credit applications. Inclusion in the dataset confirms the existence of a cardiology care relationship, which can support medical-themed scams referencing real cardiac procedures, medications, or insurance claims. Patients with cardiovascular conditions are particularly attractive targets for emotionally manipulative scams because their care relationships are emotionally charged and high-frequency. Affected individuals should accept the complimentary identity-monitoring through Kroll, freeze credit at all three U.S. bureaus, monitor health-insurance statements, and treat unsolicited contact referencing the practice, cardiac treatment, or insurance verification with caution.
ObscureIQ assessment: Severe risk. Combines identity theft, medical fraud, and highly sensitive health exposure. Medical context enables targeted scams and reputational harm.
Breach Impact
Heart South faces compounding institutional exposure given that the November 2025 incident is the practice's second public breach in eighteen months. The May 2024 settlement of $500,000 establishes a clear cost benchmark for likely outcomes in pending litigation. Federal HIPAA notification obligations, attorney-general filings across multiple states given the dispersed patient population, and class-action exposure all add to the compliance and legal cost base. The reputational impact is concentrated within the Central Alabama cardiology market and is heightened by the recurrence of incidents. Operationally, the practice continues to provide patient care, and is offering complimentary identity-monitoring services through Kroll to affected individuals.
About Heart South Cardiovascular Group
Heart South Cardiovascular Group is a U.S.-based cardiology practice headquartered in Alabaster, Alabama, with additional locations in Clanton and Centreville. The practice specialises in cardiac and vascular medicine, providing services including diagnostic cardiac testing, interventional cardiology, preventive cardiology, and ongoing cardiovascular care to patients across Central Alabama. As a HIPAA-regulated healthcare provider, Heart South maintains substantial volumes of protected health information including patient identity, contact, insurance, billing, diagnostic, and cardiovascular treatment records. The patient base includes long-term cardiac patients whose conditions often require continuous monitoring and care.
Why They Hold Your Data
Specialty medical providers collect patient identity, medical history, diagnostic data, insurance records, and billing information tied to cardiovascular care.
Recent Developments
Heart South Cardiovascular Group was informed on November 11, 2025 that an unauthorised third party claimed to possess data from its network. A forensic investigation conducted with external cybersecurity specialists was launched. The practice notified the Maine Attorney General on April 6, 2026 and began mailing notifications to affected individuals on the same date. The Rhysida ransomware group has been associated with the incident. This is the second known breach at Heart South in eighteen months: a separate May 2024 incident affected approximately 20,577 individuals and was resolved in 2025 through a $500,000 class-action settlement filed in the Circuit Court of Bibb County, Alabama. Class-action investigations relating to the November 2025 incident have begun.
Data Points Exposed
5 verified field types
Date of Birth High
Email Address
Full Name High
Phone Number
Social Security Number Critical
Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.
Exploitation & Downstream Threats
Threat Activity:High
Primary downstream threats:
- Identity theft and synthetic identity construction using government-issued IDs
- Identity verification bypass using name + date of birth combination
- SIM swap attacks where phone numbers are present
- Targeted phishing campaigns using exposed email addresses
Threat vectors:
- Identity verification bypass
- Phishing, credential stuffing & account takeover
- Name-based social engineering
- SIM swapping, vishing & SMS phishing
- Full identity theft & synthetic identity fraud
Threat Actor: Rhysida
Rhysida
Unknown
Attribution and method are based on available breach intelligence. Reported attack vector: Unknown.
Recommended Actions
If you believe your information may be included:
Protect Your ID Documents
Government-ID exposure enables document fraud — monitor and report misuse.
Enable MFA Everywhere
Turn on multi-factor authentication on email first, then financial accounts.
Report & Recover
If you spot misuse, start an official recovery plan and report fraud.
Frequently Asked Questions
What happened in the Heart South Cardiovascular Group breach?▾
Heart South Cardiovascular Group, a cardiology practice in Central Alabama, learned on November 11, 2025 that an unauthorised third party claimed to possess data from its network. A forensic investigation conducted with external cybersecurity specialists found that data had been uploaded to the…
What data was exposed?▾
Verified fields include Date of Birth, Email Address, Full Name, Phone Number, Social Security Number.
What should I do if I was affected?▾
Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.
Sources & References
Every claim on this page is traceable. This breach draws on:
Breach Index
ObscureIQ Intelligence
ObscureIQ proprietary analysis
Protect Yourself
Check If You're Affected
Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.
Get Free Breach Alerts
Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.
High-Risk? Get an Exposure Audit
Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.
Request Consultation