Mulkay Cardiology discovered that an unknown, unauthorized third party gained access to its network and encrypted certain devices and files on its computer network in a ransomware attack.
91900133.1
Notice of Data Privacy Incident
On September 5, 2023, Mulkay Cardiology discovered that an unknown, unauthorized third party
gained access to its network and encrypted certain devices and files on its computer network in a
ransomware attack. Upon learning of the incident, Mulkay Cardiology promptly secured its
network, restored its systems from available backups, and notified law enforcement. Mulkay
Cardiology, through counsel, engaged a leading forensic security firm to investigate the incident.
The forensic investigation determined that an unauthorized third party accessed Mulkay
Cardiology’s systems from September 1, 2023, through September 5, 2023 and may have acquired
certain documents from Mulkay Cardiology’s systems during the incident. On September 14,
2023, Mulkay Cardiology determined that the potentially accessed documents contained some
individuals’ personal information. Mulkay Cardiology determined that the incident may have
resulted in unauthorized access to information that included, depending on the individual, their
name, address, date of birth, Social Security number, driver’s license number or state ID, medical
treatment information and/or health insurance information.
On November 3, 2023, to the extent it has current contact information, Mulkay Cardiology began
sending written notifications to individuals whose personal information or protected health
information may have been involved in the incident. Mulkay Cardiology also arranged for
complimentary identity theft protection services for those individuals whose Social Security
numbers and/or driver’s license numbers were involved in the incident.
Individuals should refer to the notice they will receive in the mail regarding steps they can take to
protect themselves, should they feel the need to do so. Mulkay has no reason to believe that any
personal information has been misused for the purpose of committing fraud or identity theft, but
as a precautionary measure, individuals should remain vigilant to protect against potential fraud
and/or identity theft by, among other things, reviewing their account statements and monitoring
credit reports closely. If individuals detect any suspicious activity on an account, they should
promptly notify the financial institution or company with which the account is maintained. They
should also promptly report any fraudulent activity or any suspected incidents of identity theft to
proper law enforcement authorities, including the police and their state’s attorney general.
Involved individuals may also wish to review the tips provided by the Federal Trade Commission
(“FTC”) on fraud alerts, security/credit freezes and steps that they can take to avoid identity theft.
For more information and to contact the FTC, please visit www.ftc.gov/idtheft or call 1-877-IDTHEFT (1-877-438-4338). Affected individuals may also contact the FTC at: Federal Trade
Commission, 600 Pennsylvania Avenue, NW, Washington, DC 20580.
Mulkay Cardiology is committed to maintaining the privacy and security of the information
entrusted to it. Mulkay Cardiology has taken, and is taking, additional steps to help reduce the
likelihood of a similar event from happening in the future, including enhancing its technical
security measures. Individuals seeking additional information may call a confidential, toll-free
inquiry line at (888) 562-4148 9:00 am – 9:00 pm Eastern Time, Monday through Friday.
Notice of Data Privacy Incident
On September 5, 2023, Mulkay Cardiology discovered that an unknown, unauthorized third party
gained access to its network and encrypted certain devices and files on its computer network in a
ransomware attack. Upon learning of the incident, Mulkay Cardiology promptly secured its
network, restored its systems from available backups, and notified law enforcement. Mulkay
Cardiology, through counsel, engaged a leading forensic security firm to investigate the incident.
The forensic investigation determined that an unauthorized third party accessed Mulkay
Cardiology’s systems from September 1, 2023, through September 5, 2023 and may have acquired
certain documents from Mulkay Cardiology’s systems during the incident. On September 14,
2023, Mulkay Cardiology determined that the potentially accessed documents contained some
individuals’ personal information. Mulkay Cardiology determined that the incident may have
resulted in unauthorized access to information that included, depending on the individual, their
name, address, date of birth, Social Security number, driver’s license number or state ID, medical
treatment information and/or health insurance information.
On November 3, 2023, to the extent it has current contact information, Mulkay Cardiology began
sending written notifications to individuals whose personal information or protected health
information may have been involved in the incident. Mulkay Cardiology also arranged for
complimentary identity theft protection services for those individuals whose Social Security
numbers and/or driver’s license numbers were involved in the incident.
Individuals should refer to the notice they will receive in the mail regarding steps they can take to
protect themselves, should they feel the need to do so. Mulkay has no reason to believe that any
personal information has been misused for the purpose of committing fraud or identity theft, but
as a precautionary measure, individuals should remain vigilant to protect against potential fraud
and/or identity theft by, among other things, reviewing their account statements and monitoring
credit reports closely. If individuals detect any suspicious activity on an account, they should
promptly notify the financial institution or company with which the account is maintained. They
should also promptly report any fraudulent activity or any suspected incidents of identity theft to
proper law enforcement authorities, including the police and their state’s attorney general.
Involved individuals may also wish to review the tips provided by the Federal Trade Commission
(“FTC”) on fraud alerts, security/credit freezes and steps that they can take to avoid identity theft.
For more information and to contact the FTC, please visit www.ftc.gov/idtheft or call 1-877-IDTHEFT (1-877-438-4338). Affected individuals may also contact the FTC at: Federal Trade
Commission, 600 Pennsylvania Avenue, NW, Washington, DC 20580.
Mulkay Cardiology is committed to maintaining the privacy and security of the information
entrusted to it. Mulkay Cardiology has taken, and is taking, additional steps to help reduce the
likelihood of a similar event from happening in the future, including enhancing its technical
security measures. Individuals seeking additional information may call a confidential, toll-free
inquiry line at (888) 562-4148 9:00 am – 9:00 pm Eastern Time, Monday through Friday.
