Having personal and financial information stolen by hackers is frightening enough on its own, but now medical data breaches are on the rise. In addition to these details, cybercriminals are also getting hold of medical records and test results.

Just recently, I covered a data breach at a healthcare IT company that exposed the health information of thousands of children. And now I have revealed that a clinic in Maryland suffered a similar breach in October of this year.

As reported by Cybernews, the Center for Vein Restoration (CVR), which has 110 locations across the U.S., suffered a data security incident that exposed patients' protected health information (PHI) and the personal information of current and former employees The incident resulted in the loss of patient protected health information (PHI) and personal information of current and former employees. Although vein repair is a more specialized medical procedure, the data of approximately 445,000 individuals has now been exposed online.

Here is everything you need to know about this latest data breach, including tips and tricks on what to do next if you are a patient at a vein restoration center and how to stay safe from hackers after a major security incident like this one.

According to a data breach notice (PDF) posted on the Center for Vein Restoration's website, unusual activity was detected on the center's systems on October 6. After securing its systems and notifying law enforcement about the breach, the Center initiated an internal investigation and retained a third-party forensic firm for additional assistance.

The investigation revealed that unauthorized attackers may have accessed files containing patient names, along with some or all of the information listed below, while in the CVR IT environment:

with respect to past and current employees, information related to their employment, may have been obtained by the hackers involved in this data breach.

With all of this information in hand, hackers could launch a variety of attacks and scams against individuals affected by this breach, ranging from targeted phishing attacks to identity theft using this stolen information as leverage. However, since they also have access to medical record numbers, test results, treatment details, and health insurance information, the hackers behind this information breach could also commit medical identity theft, submitting forged claims to patients' insurance providers and even Medicare.

If you or someone you know has received treatment at Center for Vein Restoration, there is a very good chance that you will receive a data breach notification in the mail. These notices will not only inform you that a security incident has occurred, but will also contain useful information about the next steps to take and what the companies involved in the data breach are doing to keep their customers (or patients) safe.

While some companies deny that a breach even occurred or subsequently fail to offer any protection to victims, the Center for Vein Restoration takes this issue very seriously. In many cases, in other data breaches, it is through an application to the state attorney general's office (usually in Maine) that the details of what actually happened can be learned. In this case, there is a section on the right side of the CVR home page, where I found the “Notice of Data Security Incident” linked above.

CVR offers affected individuals access to one of the best identity theft prevention services through TransUnion. However, its site notice does not explain the duration of these services, but typically companies offer one- or two-year subscriptions. If you are affected by this breach, the official data breach notice that is mailed to you will likely state the duration.

As with any data breach, it is advisable to carefully review all financial and health reports for irregularities that might point to fraud or identity theft. The same goes for credit reports. It may also be worth placing a fraud alert or security freeze on your credit to prevent hackers from taking out new credit cards or loans in your name.

More details may be forthcoming at a later date, but for now, CVR is taking all necessary steps by notifying patients and offering identity theft protection. However, at least for the time being, one should be vigilant to register for this service and check all accounts for suspicious activity.