Brunswick, Ga.-based Ascension St. Vincent's Coastal Cardiology's legacy systems were encrypted by ransomware.
On Aug. 15, the practice learned that a "security event" had caused ransomware to be deployed on its legacy systems, according to a breach notification from Ascension.
An investigation into the incident revealed that an unauthorized user gained access to systems within the legacy Coastal Cardiology network, used by Ascension to retain data, including patient information, in order to meet regulatory requirements.
Ascension submitted a breach notification to HHS on Oct. 14.
The legacy EMRs contained patients' personal information and treatment data tied to Coastal Cardiology visits held prior to Oct. 5, 2021, such as demographic details, insurance information, Social Security numbers, clinical information and billing data.
But, because the system was encrypted, Ascension cannot fully determine what kind of information was affected.
Ascension said it does not believe the information has been misused or taken from the system.
As a precaution, Ascension said it would give all affected patients a free two-year membership to credit monitoring and identity theft detection services.