Tens of thousands of individuals are impacted by a medical cybersecurity incident. Alabama-based Heart South Cardiovascular Group confirmed that 46,666 people were affected. The company learned on November 11, 2025, that an unauthorized party claimed to possess company data. While an initial forensic investigation found no evidence of unauthorized network access, a subsequent discovery revealed that a limited amount of patient data was posted on the dark web.
Potentially impacted information includes full names combined with Social Security numbers, dates of birth, treatment details, diagnoses, medications, and health insurance information. Heart South is notifying affected patients and offering complimentary identity monitoring services. The firm has not confirmed specific individual impacts but began sending notices in April 2026.