Space Coast Vascular, a Florida-based medical group, suffered a cyberattack resulting in the compromise of personally identifiable information (PII) and protected health information (PHI) of several thousand current and former patients. The exposed data includes names, dates of birth, Social Security numbers, driver’s license/state ID numbers, medical treatment details, health insurance information, and financial account data. The breach poses severe risks, including identity theft, financial fraud, and medical fraud, as attackers gained access to highly sensitive records. The incident was disclosed to authorities (including the Maine Attorney General’s office) and affected individuals were notified via mail. In response, Space Coast Vascular secured its systems, engaged third-party cybersecurity experts, and offered 12 months of free Experian credit monitoring and identity protection services to mitigate risks. A dedicated call center was also established to assist victims. The scale and sensitivity of the leaked data spanning personal, health, and financial records indicate a high-severity breach with long-term repercussions for patients, including potential fraudulent account openings, medical identity theft, and targeted phishing attacks.
Source: https://www.claimdepot.com/data-breach/space-coast-vascular-2025
TPRM report: https://www.rankiteo.com/company/health-first
"id": "hea2692726100725",
"linkid": "health-first",
"type": "Cyber Attack",
"date": "10/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': 'Several thousand (current and '
'former patients)',
'industry': 'Healthcare',
'location': 'Florida, USA',
'name': 'Space Coast Vascular',
'type': 'Medical Practice'}],
'customer_advisories': ['Mail notifications (2025-10-03)',
'Website notice',
'Dedicated call center support'],
'data_breach': {'data_exfiltration': True,
'number_of_records_exposed': 'Several thousand (exact number '
'undisclosed)',
'personally_identifiable_information': True,
'sensitivity_of_data': 'High (includes SSNs, '
'medical/financial data)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Protected Health Information '
'(PHI)']},
'date_publicly_disclosed': '2025-10-03',
'description': 'Space Coast Vascular, a Florida-based medical group, '
'experienced a cyberattack resulting in the compromise of '
'personally identifiable information (PII) and protected '
'health information (PHI) of patients. Exposed data includes '
"names, dates of birth, Social Security numbers, driver's "
'license/state ID numbers, medical treatment details, health '
'insurance information, and financial account information. The '
'breach poses risks of identity theft and fraud for several '
'thousand current and former patients.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'exposure of sensitive patient data',
'data_compromised': ['Names',
'Dates of birth',
'Social Security numbers',
"Driver's license numbers",
'State ID numbers',
'Medical treatment information',
'Health insurance information',
'Financial account information'],
'identity_theft_risk': 'High (due to exposure of PII/PHI)',
'payment_information_risk': 'High (financial account information '
'exposed)'},
'investigation_status': 'Completed (as of 2025-08-07 investigation '
'determination)',
'post_incident_analysis': {'corrective_actions': ['Secured systems',
'Offered 12 months of free '
'credit monitoring '
'(Experian)']},
'recommendations': ['Enroll in free 12-month Experian credit monitoring '
'(deadline: 2025-12-31)',
'Monitor credit reports and financial accounts for '
'unusual activity',
'Be alert for phishing attempts using exposed information',
'Consider placing fraud alerts or credit freezes with '
'major credit bureaus'],
'references': [{'source': 'Space Coast Vascular Notice of Data Incident'},
{'date_accessed': '2025-10-06',
'source': "Maine Attorney General's Office Disclosure"}],
'regulatory_compliance': {'regulatory_notifications': [{'agency': 'Maine '
'Attorney '
"General's "
'Office',
'date': '2025-10-06'}]},
'response': {'communication_strategy': ['Mail notifications to affected '
'individuals (sent 2025-10-03)',
'Published Notice of Data Incident on '
'website',
'Disclosed to Maine Attorney '
"General's office (2025-10-06)",
'Dedicated call center (866-497-0453, '
'Mon-Fri 9 AM–7 PM ET)'],
'containment_measures': 'Secured systems post-discovery',
'incident_response_plan_activated': True,
'third_party_assistance': 'Engaged third-party cybersecurity '
'experts for investigation'},
'title': 'Space Coast Vascular Data Breach (2025)',
'type': 'Data Breach'}