At Azura Vascular Care (Azura) we take the privacy and security of personal information seriously. We are providing the following information in accordance with the Health Insurance Portability and Accountability Act (HIPAA) and applicable state laws to explain that a third party impermissibly accessed personal information that may have included health related information found in patient medical and billing records.
Azura operates 70 clinics in 25 states and Puerto Rico. To see a full list of locations, please visit our website at https://www.azuravascularcare.com/find-a-center/.
On November 9, 2023, Azura confirmed that some of its information had been affected by a cybersecurity incident. Azura conducted incident response and recovery procedures, took steps to contain the incident, and investigated with the assistance of a third-party forensic firm. Based on information learned to date, we believe that starting on or before September 27, 2023, the attacker(s) accessed certain systems and encrypted certain files. On November 15, 2023, we confirmed that these files included personal information for some of our patients. At this time, we have no evidence that the personal information was taken or has been misused.
The personal information on our affected computer systems may have included information that we maintain about our patients, such as name, mailing address, date of birth, and other demographic and contact information, including emergency contact information, Social Security number, insurance policy and guarantor information, diagnosis and treatment information, and other information from medical or billing records. Our systems also contained information regarding account guarantors including name, mailing address, telephone number, date of birth, Social Security Number and email address. Per our policy and in compliance with applicable laws, we have sent notification letters to individuals whose information was contained in our computer systems. For some individuals, only name, contact information, and a request for an appointment was involved. For other individuals, additional information may have been impacted, such as date of birth and Social Security Number or certain clinical information from their medical record. If sensitive information was potentially impacted, we have arranged to provide them with 24 months of identity protection, credit monitoring, and fraud resolution services. We have also implemented additional security measures in an effort to protect against this occurrence or similar events in the future.
Any individuals who receive notification from Azura or who might otherwise be concerned about identity theft are encouraged to regularly review statements from their accounts and to periodically obtain their credit report from one or more of the national credit reporting companies. Individuals may obtain a copy of their credit report once every 12 months by either visiting https://www.annualcreditreport.com, calling toll free at 1-877-322-8228, or completing an Annual Credit Report Request Form (found at https://www.consumer.ftc.gov/articles/0155-free-credit-reports) and mailing it to: Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348-5281. For questions about identity theft, credit monitoring, and how to keep information secure, patients can visit this website http://www.consumer.ftc.gov/topics/identity-theft.
If you have questions regarding this incident, please contact our dedicated call center at 1-833-918-1631, reference # B114031.