Heart South Cardiovascular Group, a cardiology practice in Central Alabama, learned on November 11, 2025 that an unauthorised third party claimed to possess data from its network. A forensic investigation conducted with external cybersecurity specialists found that data had been uploaded to the dark web. The practice formally identified the affected records on February 12, 2026 and began notifying affected individuals on April 6, 2026. The Rhysida ransomware group has been associated with the incident.

The breach affected approximately 47,000 individuals according to the Maine Attorney General notification. Compromised fields included names, email addresses, phone numbers, dates of birth, and Social Security numbers, alongside cardiovascular treatment information including diagnoses, procedures, medications, and health insurance details. This is the second public breach at Heart South: a separate May 2024 incident affected approximately 20,577 individuals and was resolved in 2025 through a $500,000 class-action settlement.

For affected patients, the practical risk profile combines identity-fraud exposure with cardiovascular care-specific risks. The combination of name, date of birth, and Social Security number is a strong base for synthetic identity fraud and fraudulent credit applications. Inclusion in the dataset confirms the existence of a cardiology care relationship, which can support medical-themed scams referencing real cardiac procedures, medications, or insurance claims. Patients with cardiovascular conditions are particularly attractive targets for emotionally manipulative scams because their care relationships are emotionally charged and high-frequency. Affected individuals should accept the complimentary identity-monitoring through Kroll, freeze credit at all three U.S. bureaus, monitor health-insurance statements, and treat unsolicited contact referencing the practice, cardiac treatment, or insurance verification with caution.

Specialty medical providers collect patient identity, medical history, diagnostic data, insurance records, and billing information tied to cardiovascular care.

Heart South Cardiovascular Group was informed on November 11, 2025 that an unauthorised third party claimed to possess data from its network. A forensic investigation conducted with external cybersecurity specialists was launched. The practice notified the Maine Attorney General on April 6, 2026 and began mailing notifications to affected individuals on the same date. The Rhysida ransomware group has been associated with the incident. This is the second known breach at Heart South in eighteen months: a separate May 2024 incident affected approximately 20,577 individuals and was resolved in 2025 through a $500,000 class-action settlement filed in the Circuit Court of Bibb County, Alabama. Class-action investigations relating to the November 2025 incident have begun.