Cardiovascular Associates
Informational Website

This website is maintained by IDX on behalf of Cardiovascular Associates for the purpose of providing you with valuable services and information to mitigate any risks in the event that you experience identity theft as a result of this situation

Enroll Now Frequently Asked Questions

Notice of Data Security Incident

02/03/2023 — Cardiovascular Associates (“CVA”) experienced a data security incident that may have affected your personal information. On December 5, 2022, it was discovered that certain systems within CVA’s network may have been subject to unauthorized activity. In response to this incident, steps were quickly taken to restrict further unauthorized activity, an investigation of the incident was immediately launched, and a national forensic firm was engaged to assist with investigation and remediation efforts. In the course of the investigation, it was determined that an unauthorized third party was able to access certain systems that contained personal information and remove a copy of some data from the network between November 28, 2022 and December 5, 2022.

Based on the review, the personal information involved in this incident may have included one or more of the following elements: (1) demographic information to identify and contact the patient, such as full name, date of birth, and address; (2) Social Security number; (3) health insurance information, such as name of insurer/government payor and member ID, policy and/or group number; (4) medical and treatment information, such as medical record number, dates of service, provider and facility names, other visit, procedure and diagnosis information, and possibly assessments, tests and imaging; (5) billing and claims information, such as account and/or claim status, billing and diagnostic codes, and payor information; (6) passport and driver’s license number; (7) credit and debit card information; and (8) financial account information. For a limited subset of individuals, the information may have also included username and password. Please note that not all data elements were involved for all individuals.

CVA takes the security of personal information seriously. As soon as the incident was discovered, a forensic investigation was launched, and steps were taken to mitigate and remediate the incident and to help prevent further unauthorized activity. In response to this incident, security and monitoring capabilities are being enhanced and systems are being hardened as appropriate to minimize the risk of any similar incident in the future.

CVA is providing additional information on general steps individuals can take to monitor and protect their personal information in Additional Resources at the top of this page. Individuals should carefully review credit reports and statements sent from healthcare providers and financial institutions as well as their insurance company to ensure that all account activity is valid. Any questionable charges should be promptly reported to the provider or company which maintains the account. CVA has arranged to offer free credit monitoring and identity restoration services to individuals whose Social Security number, credit card/debit card or financial account information, passport or driver’s license number may have been involved.

CVA has established a dedicated assistance line for individuals seeking additional information regarding this incident. For the next 90 days, individuals who have questions about this matter or would like additional information can call toll-free 1-833-753-3802 during 9 a.m. – 9 p.m. Eastern Time, Monday through Friday, except holidays. This substitute notice and toll-free number will remain active for at least 90 days.

CVA is committed to protecting the privacy and security of personal information that it receives and sincerely regrets any inconvenience this incident may cause. Individuals potentially affected by this incident are being mailed notice letters. Since it is possible there may be insufficient contact information for some individuals, however, this notice is also accessible via CVA’s website, consistent with HIPAA.

Enrollment

As a result of this incident and at no cost to you, Cardiovascular Associates is offering IDX identity theft protection services to individuals whose Social Security number, credit card/debit card or financial account information, passport or driver’s license number may have been involved. IDX identity theft protection services help protect your identity with:

Enroll Now

Credit Monitoring
Credit monitoring (for adults) that alerts you to any changes to your credit report
Dedicated Experts
Access to Fraud Resolution Representatives to resolve identity theft issues
CyberScan™
CyberScan will monitor criminal websites, chat rooms, and bulletin boards for illegal selling or trading of your personal information
Exclusive Information
Exclusive educational materials on protecting your identity including instructive articles, up-to-date information on new identity theft scams and tips for protecting yourself
ID Theft Insurance
Up to $1,000,000 in insurance reimbursements, covering certain expenses that you may incur in responding to an ID theft event

Frequently Asked Questions

Incident Information

What happened?
On December 5, 2022, Cardiovascular Associates (CVA) discovered that certain systems within the network may have been subject to unauthorized activity. In response to this incident, steps were quickly taken to restrict further unauthorized activity, an investigation of the incident was immediately launched, and a national forensic firm was engaged to assist with investigation and remediation efforts.

In the course of the investigation, it was determined that an unauthorized third party was able to access certain systems that contained personal information and remove a copy of some data from the network between November 28, 2022 and December 5, 2022. As a result of this review, it appears that personal information may have been involved.

When did the incident occur?
The incident occurred between November 28, 2022 and December 5, 2022.

Why am I only now being contacted?
Cybersecurity investigations and data review are very complicated and take time. It was important that a thorough investigation into the matter took place to confirm what happened and identify those individuals who may have been impacted.

Who is CVA and why do they have my information?
CVA is a physician’s office that provides cardiology and other services throughout Alabama. Based on the review, it appears that you or a family member may have received services from us at some point in the past.

What steps were taken when the incident was discovered?
As soon as the incident was discovered, steps were quickly taken to prevent any further unauthorized activity, launch an investigation, and engage a leading national forensic firm to assist with investigation and remediation efforts. In response to this incident, security and monitoring capabilities are being enhanced and systems are being hardened as appropriate to minimize the risk of any similar incident in the future.

What kind of information was exposed in this incident?
The personal information involved in this incident may have included one or more of the following elements:
- Demographic information to identify and contact the patient, such as full name, date of birth, and address
- Social Security number
- Health insurance information, such as name of insurer/government payor and member ID, policy and/or group number
- Medical and treatment information, such as medical record number, dates of service, provider and facility names, other visit, procedure and diagnosis information, and possibly assessments, tests, and imaging
- Billing and claims information, such as account and/or claim status, billing and diagnostic codes, and payor information
- Passport and driver’s license number
- Credit and debit card information
- Financial account information
For a limited subset of individuals, the information may have also included:
- Username and password
Please note that not all data elements were involved for all individuals.

Was I impacted by this incident?
Please call 1-833-753-3802 to confirm whether your information was involved and for additional information.

Was my Social Security number, driver’s license number, passport number, credit card/debit card, or financial account information involved?
If you received a letter and it did not specifically state that your Social Security number, driver’s license or number, passport number, credit card/debit card, or financial account information may have been involved, then this information was not involved in this incident, based on the review. If you did not receive a letter but think your data may have been impacted, please call 1-833-753-3802 if you have questions or would like additional information.

What is being done to prevent similar events from happening in the future?
CVA takes the security of personal information seriously. Security and monitoring capabilities are being enhanced and systems are being hardened as appropriate to minimize the risk of any similar incident in the future.

Are credit monitoring services available?
If your Social Security number, driver’s license number, passport number, or credit card/debit card, or financial account information was potentially impacted, complimentary identity monitoring services are being offered. For more information about these services and instructions on how to activate the membership, please follow the steps included in the letter sent to you.

What steps can I take to protect myself?
The Reference Guide included in the letter sent to you contains additional information on general steps you can take to monitor and help safeguard your personal information. If you believe you are the victim of a crime, you can contact your local law enforcement authorities and file a police report. The Reference Guide is also accessible in Additional Resources located at the top of this website.

I received a letter in the mail. Is this fraudulent, a scam or a real incident?
Federal and state laws require notices to be provided to impacted individuals, including via letter. This incident did occur and thus the information and resources identified within the notification letter are being provided. You are encouraged to carefully review the Reference Guide included in your notification letter for more information on general steps you can take to monitor and help safeguard your personal information. Please call toll-free 1-833-753-3802 if you have further questions or would like additional information.

Who can I call if I have questions?
Please call toll-free 1-833-753-3802 to ask questions and learn additional information. This call center is open from 9 am – 9 pm Eastern Time, Monday through Friday, except holidays.

Minor Support Information

Why can’t I pull my child’s credit report?
Most minors, under the age of 18, do not have a credit history established and are under the age to secure credit, therefore there is no credit report to pull.

How can I check to see if someone has created a credit file using my child’s information?
TransUnion offers a secure online form that you can use to submit your child’s information to see if a credit file exists. Click here to go directly to the secure online form.

Additional information on child ID theft can also be found here.

Decedent Support Information

What kind of coverage will the membership offer to someone who is deceased?
With this enrollment we will provide you, their legal representative, resolution assistance should they fall victim to fraudulent activity. The protection services apply to their identity, but the membership is truly there to support you if something were to happen.

Why can’t I activate/authenticate the monitoring product for a deceased individual?
In most cases, decedents cannot be authenticated because the Social Security Administration or their legal representative (spouse, child, etc.) has already notified the credit bureaus that the person is deceased. If the credit bureaus have “frozen” the decedent’s credit files, the risk of identity theft has been significantly reduced.

Please know that the membership still provides recovery services to support you, their legal representative, if something was to happen; which is the real and true value.

Is it possible to steal a deceased person’s identity?
Unfortunately, it is possible to steal the identity of someone who is deceased. Identity thieves obtain information about deceased individuals in various ways.

How can someone steal a deceased person’s identity?
They may watch the obituaries, steal death certificates, or even get the information from websites that offer the Social Security Death Index file (which is actually intended for genealogy research).

Does the Social Security Administration notify the credit bureaus and other financial institutions when someone is deceased?
Yes, but please be aware that it takes time for the Social Security Administration to conduct this notification, so financial institutions and the credit bureaus are not immediately made aware that a customer is deceased.

Should I notify the credit bureaus when a dependent family member or spouse passes away?
Yes, you should immediately notify each credit bureau (Equifax, Experian, and TransUnion) in writing that the person is deceased and ask that a deceased alert be placed on their credit report.

How do I place a deceased alert on the credit file?
You will want to notify each credit bureau (Equifax, Experian and TransUnion) in writing the following message:

“Deceased. Do not issue credit. If an application is made for credit, notify the following person(s) immediately: (list the next surviving relative, executor/trustee of the estate and/or local law enforcement agency- noting the relationship).”

Mail all correspondence via certified mail, return receipt requested. Be sure to keep photocopies of all correspondence, including letters that you send. Finally, you should also request a copy of the credit report.

Equifax
PO Box 740260
Atlanta, GA 30374 Experian
PO Box 9554
Allen, TX 75013
(888)397-3742 TransUnion
PO Box 2000
Chester, PA 19022

What documents will I need to send to the credit bureaus alerting them that the person is deceased?
You will need to include:
- A copy of the death certificate
- Name and SSN of deceased
- Last known address
- Date of birth
- Date of death

Should I notify other financial institutions regarding the death?
Yes, immediately notify relevant credit card companies, banks, stock brokers, loan/lien holders, and mortgage companies of the death. The executor or surviving spouse will need to discuss all outstanding debts and how they will be dealt with. You will need to transfer the account to another person or close the account. If you close the account, ask them to list it as: “Closed. Account holder is deceased.” You may need to provide a copy of the death certificate to creditors as well as the credit bureaus. You should also notify utilities, phone companies, cell phone companies, etc, that you are terminating the account because the account holder is deceased.

What happens if I do not notify the credit bureaus that the person is deceased?
Without a specific communication, the credit bureaus may not be aware of the death. An active credit file may stay open for up to 10 years without activity. During this time, an identity thief may use the decedent’s Social Security number to open up new lines of credit or apply for loans.

What steps should be taken if I (surviving spouse or estate executor) suspect that someone is fraudulently using the information of a deceased person?
There are several steps that should be taken:
- You should request a copy of the decedent’s credit reports and place a “deceased alert” on the credit files
- You should also notify the police in the decedent’s jurisdiction and provide any evidence you have of the fraud (collection notice, bills, credit report)
- Notify any creditor, collection agency, credit issuer, utility company that the person is deceased and date of death. Be sure to include a copy of the death certificate. Request an immediate investigation and that they contact you with the results of the investigation. Insist on “Letters of Clearance,” which you should keep with the other estate papers.

What should be done about joint accounts?
If there is a surviving spouse or other joint account holders, make sure to notify the company that the deceased’s name needs to be removed from the account. They may require a copy of the death certificate to do this, as well as permission from the survivor, or other authorized account holders.

Is it possible to order a credit report for a deceased person?
If the credit bureaus have been notified of the deceased person’s death, it is not possible to order their credit report. The easiest way to determine this is to try to place a fraud alert for the deceased person. If the fraud alert is placed, then the bureaus have NOT been notified of the person’s death and ordering a report is possible. If you are informed that the fraud alert cannot be placed because the person is deceased, then you know that the bureaus have updated their records and that you will not be able to order a credit report.

Additional Resources

Review Your Account Statements
Carefully review statements sent to you from your healthcare providers, insurance company, and financial institutions to ensure that all of your account activity is valid. Report any questionable charges promptly to the provider or company with which you maintain the account.

Provide Any Updated Personal Information to Your Health Care Provider
Your health care provider’s office may ask to see a photo ID to verify your identity. Please bring a photo ID with you to every appointment if possible. Your provider’s office may also ask you to confirm your date of birth, address, telephone, and other pertinent information so that they can make sure that all of your information is up-to-date. Please be sure and tell your provider’s office when there are any changes to your information. Carefully reviewing this information with your provider’s office at each visit can help to avoid problems and to address them quickly should there be any discrepancies.

Order Your Free Credit Report
To order your free annual credit report, visit www.annualcreditreport.com, call toll-free at (877) 322-8228, or complete the Annual Credit Report Request Form on the U.S. Federal Trade Commission’s (“FTC”) website at www.ftc.gov and mail it to Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348-5281. The three credit bureaus provide free annual credit reports only through the website, toll-free number or request form.

Upon receiving your credit report, review it carefully. Look for accounts you did not open. Look in the “inquiries” section for names of creditors from whom you have not requested credit. Some companies bill under names other than their store or commercial names; the credit bureau will be able to tell if this is the case. Look in the “personal information” section for any inaccuracies in information (such as home address and Social Security Number).

If you see anything you do not understand, call the credit bureau at the telephone number on the report. Errors may be a warning sign of possible identity theft. You should notify the credit bureaus of any inaccuracies in your report, whether due to error or fraud, as soon as possible so the information can be investigated and, if found to be in error, corrected. If there are accounts or charges you did not authorize, immediately notify the appropriate credit bureau by telephone and in writing. Information that cannot be explained should also be reported to your local police or sheriff’s office because it may signal criminal activity.

Contact the U.S. Federal Trade Commission
If you detect any unauthorized transactions in any of your financial accounts, promptly notify the appropriate payment card company or financial institution. If you detect any incidents of identity theft or fraud, promptly report the matter to your local law enforcement authorities, state Attorney General and the FTC.

You can contact the FTC to learn more about how to protect yourself from becoming a victim of identity theft by using the contact information below:

Federal Trade Commission
Consumer Response Center
600 Pennsylvania Avenue, NW
Washington, DC 20580
1-877-IDTHEFT (438-4338)
www.ftc.gov/idtheft/

Place a Fraud Alert on Your Credit File
To protect yourself from possible identity theft, consider placing a fraud alert on your credit file. A fraud alert helps protect against the possibility of an identity thief opening new credit accounts in your name. When a credit grantor checks the credit history of someone applying for credit, the credit grantor gets a notice that the applicant may be the victim of identity theft. The alert notifies the credit grantor to take steps to verify the identity of the applicant. You can place a fraud alert on your credit report by calling any one of the toll-free fraud numbers provided below. You will reach an automated telephone system that allows flagging of your file with a fraud alert at all three credit bureaus.

Equifax
P.O. Box 105069
Atlanta, Georgia 30348
1- 888-766-0008
www.equifax.com

Experian
P.O. Box 9554
Allen, Texas 75013
1-888-397-3742
www.experian.com

TransUnion
P.O. Box 2000
Chester, PA 19016
1-800-680-7289
www.transunion.com

Security Freezes
You have the right to request a credit freeze from a consumer reporting agency, free of charge, so that no new credit can be opened in your name without the use of a PIN number that is issued to you when you initiate a freeze. A security freeze is designed to prevent potential credit grantors from accessing your credit report without your consent. If you place a security freeze, potential creditors and other third parties will not be able to get access to your credit report unless you temporarily lift the freeze. Therefore, using a security freeze may delay your ability to obtain credit.

Unlike a fraud alert, you must separately place a security freeze on your credit file at each credit bureau. To place a security freeze on your credit report you must contact the credit reporting agency by phone, mail, or secure electronic means and provide proper identification of your identity. The following information must be included when requesting a security freeze: (1) full name, with middle initial and any suffixes; (2) Social Security number; (3) date of birth; (4) current address and any previous addresses for the past five years; and (5) any applicable incident report or complaint with a law enforcement agency or the Registry of Motor Vehicles. The request must also include a copy of a government-issued identification card and a copy of a recent utility bill or bank or insurance statement. It is essential that each copy be legible, display your name and current mailing address, and the date of issue.

Below, please find relevant contact information for the three consumer reporting agencies:

Equifax Security Freeze
P.O. Box 105788
Atlanta, GA 30348
1-800-685-1111
www.equifax.com

Experian Security Freeze
P.O. Box 9554
Allen, TX 75013
1-888-397-3742
www.experian.com

TransUnion
P.O. Box 160
Woodlyn, PA 19094
1-888-909-8872
www.transunion.com

Once you have submitted your request, the credit reporting agency must place the security freeze no later than 1 business day after receiving a request by phone or secure electronic means, and no later than 3 business days after receiving a request by mail. No later than five business days after placing the security freeze, the credit reporting agency will send you confirmation and information on how you can remove the freeze in the future.

Cardiovascular Associates Informational Website

Notice of Data Security Incident

Enrollment

Frequently Asked Questions

Additional Resources

Cardiovascular Associates
Informational Website