ACG
Company Details
Linkedin ID:
alabama-cardiovascular-group-pc
Website:
Employees number:
62
Number of followers:
2,535
NAICS:
62
Industry Type:
Homepage:
alcardio.com
IP Addresses:
0
Company ID:
ALA_7835886
Scan Status:
In-progress
Alabama Cardiovascular Group Company CyberSecurity Posture
alcardio.com
Alabama Cardiovascular Group is dedicated to the practice of up-to-date clinical, preventative, diagnostic and interventional cardiology. We are a relatively small group of cardiologists, which allows us to provide each patient a specific cardiologist for ongoing one-on-one care. Our mission is to provide personalized, exceptional care to every patient. We have an expert team of physicians provides general and specialized cardiovascular care that is readily accessible to our patients, while preserving a unique physician-patient relationship. ACG provides the full spectrum of general and specialized cardiovascular medicine. Our services are provided at two hospital locations (St Vincent's Birmingham and St Vincent's East), and five convenient satellite offices in Satellite Offices: One Nineteen Health and Wellness, Gardendale Medical Clinic, Fultondale, St. Vincent's St. Clair and St. Vincent's Blount. Our physicians are board certified in cardiology and internal medicine, as well as sub-specialty boards such as interventional cardiology, cardiac electrophysiology, nuclear medicine and echocardiography.
Alabama Cardiovascular Group A.I CyberSecurity Scoring
ACG Risk Score (AI oriented)Between 650 and 699
ACG
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
ACG Global Score (TPRM)XXXX
ACG
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
ACG Company CyberSecurity News & History
Past Incidents
1
Attack Types
1
Alabama Cardiology Group P.C. d/b/a Alabama Cardiovascular Group: Alabama Cardiology Group $2.2M Data Breach Settlement
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Alabama Cardiology Group Reaches $2.2M Settlement Over 2024 Data Breach Alabama Cardiology Group P.C. (d/b/a Alabama Cardiovascular Group) has agreed to a $2.225 million settlement to resolve a class action lawsuit stemming from a July 2, 2024, data breach that exposed sensitive personal and health information. The breach potentially compromised the data of U.S. residents who received a written notice from the organization regarding the incident. Eligible class members individuals whose personally identifiable information (PII) or protected health information (PHI) was affected may claim benefits under the settlement. These include: - Expense reimbursement of up to $5,000 for documented, unreimbursed out-of-pocket losses directly tied to the breach (e.g., credit monitoring fees, late charges, or professional services). - Pro rata cash payments as an alternative to reimbursement, with amounts determined by the number of valid claims. - Two years of credit monitoring via CyEx Medical Shield Complete, including one-bureau monitoring and $1 million in identity theft insurance. Claims must be submitted by March 6, 2026, either online or via mail/email to the settlement administrator. Documentation is required for expense reimbursement, while cash payments and credit monitoring only require an attestation of eligibility. Payouts will be distributed after final court approval, expected by March 20, 2026, and may be reduced pro rata if claims exceed available funds. The lawsuit alleged the group failed to adequately safeguard patient and employee data, leading to unauthorized access. Alabama Cardiology Group denies wrongdoing but settled to avoid prolonged litigation. The $2.225 million fund covers settlement costs, attorneys’ fees (up to $741,659.25), credit monitoring, and payments to class members.
ACG Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for ACG
Incidents vs Hospitals and Health Care Industry Average (This Year)
No incidents recorded for Alabama Cardiovascular Group in 2026.
Incidents vs All-Companies Average (This Year)
No incidents recorded for Alabama Cardiovascular Group in 2026.
Incident Types ACG vs Hospitals and Health Care Industry Avg (This Year)
No incidents recorded for Alabama Cardiovascular Group in 2026.
Incident History — ACG (X = Date, Y = Severity)
ACG cyber incidents detection timeline including parent company and subsidiaries
ACG Company Subsidiaries
Alabama Cardiovascular Group is dedicated to the practice of up-to-date clinical, preventative, diagnostic and interventional cardiology. We are a relatively small group of cardiologists, which allows us to provide each patient a specific cardiologist for ongoing one-on-one care. Our mission is to provide personalized, exceptional care to every patient. We have an expert team of physicians provides general and specialized cardiovascular care that is readily accessible to our patients, while preserving a unique physician-patient relationship. ACG provides the full spectrum of general and specialized cardiovascular medicine. Our services are provided at two hospital locations (St Vincent's Birmingham and St Vincent's East), and five convenient satellite offices in Satellite Offices: One Nineteen Health and Wellness, Gardendale Medical Clinic, Fultondale, St. Vincent's St. Clair and St. Vincent's Blount. Our physicians are board certified in cardiology and internal medicine, as well as sub-specialty boards such as interventional cardiology, cardiac electrophysiology, nuclear medicine and echocardiography.
Loading...
ACG Similar Companies
Cedars-Sinai
Since its beginning in 1902, Cedars-Sinai has evolved to meet the healthcare needs of one of the most diverse regions in the nation, continually setting new standards for quality and innovation in patient care, research, teaching and community service. Today, Cedars-Sinai is widely known for its na
Norton Healthcare is a leader in serving adult and pediatric patients from throughout Greater Louisville, Southern Indiana, the commonwealth of Kentucky and beyond. The not-for-profit hospital and health care system is Louisville’s second largest employer, with more than 18,600 employees, over 1,75
NYU Langone Health
NYU Langone Health is a fully integrated health system that consistently achieves the best patient outcomes through a rigorous focus on quality that has resulted in some of the lowest mortality rates in the nation. Vizient Inc. has ranked NYU Langone No. 1 out of 118 comprehensive academic medical c
Genesis
As a premier care provider since 1985, Genesis HealthCare is a holding company with subsidiaries that, on a combined basis, provide services to skilled nursing facilities and senior living communities. Genesis also specializes in contract rehabilitation therapy, respiratory therapy, physician servic
As a world-class academic and health care system, Duke Health strives to transform medicine and health locally and globally through innovative scientific research, rapid translation of breakthrough discoveries, educating future clinical and scientific leaders, advocating and practicing evidence-base
Fortis Healthcare Group is a leading integrated healthcare provider operating across the Asia Pacific region. With more than 20,000 employees and growing, Fortis Helathcare is currently present in Australia, Canada, Hong Kong SAR, India, Mauritius, New Zealand, Singapore, Sri Lanka, UAE, and Vietnam
Wellstar Health System
At Wellstar Health System, our mission is to enhance the health and well-being of every person we serve. Nationally ranked and locally recognized for our high-quality care, inclusive culture and world-class doctors and caregivers, Wellstar is one of the largest, most integrated healthcare systems in
Rede D'Or
A Rede D’Or é a maior rede de saúde da América Latina. São 79 hospitais e mais de 60 clínicas oncológicas com presença nos estados de AL, BA, CE, DF, MA, MG, MS, PA, PB, PE, PR, RJ, SE, SP. Referência em qualidade técnica, a Rede D’Or atua em serviços complementares como banco de sangue, diális
Tenet Healthcare Corporation (NYSE: THC) is a diversified healthcare services company headquartered in Dallas. Our care delivery network includes United Surgical Partners International, the largest ambulatory platform in the country, which operates ambulatory surgery centers and surgical hospitals.
.png)
ACG CyberSecurity News
January 05, 2026 08:00 AM
$2.23M Alabama Cardiovascular Group data breach class action settlement
Alabama Cardiovascular Group agreed to a $2.23 million class action lawsuit settlement to resolve claims that it failed to prevent a 2024...
December 19, 2025 08:00 AM
Alabama Cardiology Group $2.2M Data Breach Settlement
Individuals whom the July 2024 Alabama Cardiology Group data breach impacted may be eligible to claim up to $5000 or cash payment and credit...
August 05, 2025 07:00 AM
Medical and Dental Groups Settle Class Action Data Breach Lawsuits
Dental Group of Amarillo in Texas and Heart South Cardiovascular Group in Alabama have settled class action lawsuits to resolve claims...
August 20, 2024 07:00 AM
Alabama Cardiovascular Group suffers healthcare data breach
Learn about a recent healthcare data breach at Alabama Cardiovascular Group, as well as other recent breaches in the healthcare sector.
August 16, 2024 07:00 AM
Understanding healthcare data breach lawsuit trends
Lawsuits often follow a healthcare data breach, but understanding what drives litigation trends can help healthcare organizations prepare.
August 14, 2024 07:00 AM
Alabama security breach exposes personal information of cardiologists, heart patients
Alabama Cardiovascular Group, a Birmingham-based cardiology provider affiliated with Grandview Medical Center, has announced that it experienced a significant...
August 05, 2024 07:00 AM
Alabama Cardiovascular Group Data Breach Investigation
Strauss Borrelli PLLC, a leading data breach law firm, is investigating Alabama Cardiovascular Group (“ACG”) regarding its recent data...
June 05, 2024 01:47 AM
Site Map
Navigate through all the business news articles published February 2022 by the Birmingham Business Journal.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
ACG CyberSecurity History Information
Official Website of Alabama Cardiovascular Group
The official website of Alabama Cardiovascular Group is http://www.alcardio.com.
Alabama Cardiovascular Group’s AI-Generated Cybersecurity Score
According to Rankiteo, Alabama Cardiovascular Group’s AI-generated cybersecurity score is 676, reflecting their Weak security posture.
How many security badges does Alabama Cardiovascular Group’ have ?
According to Rankiteo, Alabama Cardiovascular Group currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Has Alabama Cardiovascular Group been affected by any supply chain cyber incidents ?
According to Rankiteo, Alabama Cardiovascular Group has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.
Does Alabama Cardiovascular Group have SOC 2 Type 1 certification ?
According to Rankiteo, Alabama Cardiovascular Group is not certified under SOC 2 Type 1.
Does Alabama Cardiovascular Group have SOC 2 Type 2 certification ?
According to Rankiteo, Alabama Cardiovascular Group does not hold a SOC 2 Type 2 certification.
Does Alabama Cardiovascular Group comply with GDPR ?
According to Rankiteo, Alabama Cardiovascular Group is not listed as GDPR compliant.
Does Alabama Cardiovascular Group have PCI DSS certification ?
According to Rankiteo, Alabama Cardiovascular Group does not currently maintain PCI DSS compliance.
Does Alabama Cardiovascular Group comply with HIPAA ?
According to Rankiteo, Alabama Cardiovascular Group is not compliant with HIPAA regulations.
Does Alabama Cardiovascular Group have ISO 27001 certification ?
According to Rankiteo,Alabama Cardiovascular Group is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Alabama Cardiovascular Group
Alabama Cardiovascular Group operates primarily in the Hospitals and Health Care industry.
Number of Employees at Alabama Cardiovascular Group
Alabama Cardiovascular Group employs approximately 62 people worldwide.
Subsidiaries Owned by Alabama Cardiovascular Group
Alabama Cardiovascular Group presently has no subsidiaries across any sectors.
Alabama Cardiovascular Group’s LinkedIn Followers
Alabama Cardiovascular Group’s official LinkedIn profile has approximately 2,535 followers.
NAICS Classification of Alabama Cardiovascular Group
Alabama Cardiovascular Group is classified under the NAICS code 62, which corresponds to Health Care and Social Assistance.
Alabama Cardiovascular Group’s Presence on Crunchbase
No, Alabama Cardiovascular Group does not have a profile on Crunchbase.
Alabama Cardiovascular Group’s Presence on LinkedIn
Yes, Alabama Cardiovascular Group maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/alabama-cardiovascular-group-pc.
Cybersecurity Incidents Involving Alabama Cardiovascular Group
As of January 25, 2026, Rankiteo reports that Alabama Cardiovascular Group has experienced 1 cybersecurity incidents.
Number of Peer and Competitor Companies
Alabama Cardiovascular Group has an estimated 31,617 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Alabama Cardiovascular Group ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
What was the total financial impact of these incidents on Alabama Cardiovascular Group ?
Total Financial Loss: The total financial loss from these incidents is estimated to be $2.23 million.
How does Alabama Cardiovascular Group detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an communication strategy with written notice to affected individuals..
Incident Details
Can you provide details on each incident ?
Title: Alabama Cardiology Group $2.2M Data Breach Settlement
Description: Alabama Cardiology Group P.C. d/b/a Alabama Cardiovascular Group agreed to pay $2,225,000 to resolve a class action lawsuit alleging it failed to adequately protect patient and employee data, resulting in unauthorized access to sensitive personal and health information.
Date Detected: 2024-07-02
Type: Data Breach
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach ALA1766167382
Financial Loss: $2,225,000
Data Compromised: Personally identifiable information and protected health information
Legal Liabilities: Class action lawsuit settlement
Identity Theft Risk: High
What is the average financial loss per incident ?
Average Financial Loss: The average financial loss per incident is $2.23 million.
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personally Identifiable Information, Protected Health Information and .
Which entities were affected by each incident ?
Incident : Data Breach ALA1766167382
Entity Name: Alabama Cardiology Group P.C. d/b/a Alabama Cardiovascular Group
Entity Type: Healthcare Provider
Industry: Healthcare
Location: Alabama, USA
Customers Affected: Individuals residing in the United States whose personally identifiable information or protected health information was potentially compromised
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach ALA1766167382
Communication Strategy: Written notice to affected individuals
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach ALA1766167382
Type of Data Compromised: Personally identifiable information, Protected health information
Sensitivity of Data: High
Personally Identifiable Information: Yes
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident ?
Incident : Data Breach ALA1766167382
Legal Actions: Class action lawsuit
How does the company ensure compliance with regulatory requirements ?
Ensuring Regulatory Compliance: The company ensures compliance with regulatory requirements through Class action lawsuit.
References
Where can I find more information about each incident ?
Incident : Data Breach ALA1766167382
Source: Class action settlement notice
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Class action settlement notice.
Investigation Status
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Written notice to affected individuals.
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : Data Breach ALA1766167382
Customer Advisories: Written notice to affected individuals regarding the data breach and settlement details
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: was Written notice to affected individuals regarding the data breach and settlement details.
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Data Breach ALA1766167382
Root Causes: Failure to adequately protect personal and health information
Additional Questions
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2024-07-02.
Impact of the Incidents
What was the highest financial loss from an incident ?
Highest Financial Loss: The highest financial loss from an incident was $2,225,000.
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident was Personally identifiable information and protected health information.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach was Personally identifiable information and protected health information.
Regulatory Compliance
What was the most significant legal action taken for a regulatory violation ?
Most Significant Legal Action: The most significant legal action taken for a regulatory violation was Class action lawsuit.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident is Class action settlement notice.
Stakeholder and Customer Advisories
What was the most recent customer advisory issued ?
Most Recent Customer Advisory: The most recent customer advisory issued was an Written notice to affected individuals regarding the data breach and settlement details.
.png)
Latest Global CVEs (Not Company-Specific)
Description
Typemill is a flat-file, Markdown-based CMS designed for informational documentation websites. A reflected Cross-Site Scripting (XSS) exists in the login error view template `login.twig` of versions 2.19.1 and below. The `username` value can be echoed back without proper contextual encoding when authentication fails. An attacker can execute script in the login page context. This issue has been fixed in version 2.19.2.
Risk Information
cvss3
Base: 5.4
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Description
A DOM-based Cross-Site Scripting (XSS) vulnerability exists in the DomainCheckerApp class within domain/script.js of Sourcecodester Domain Availability Checker v1.0. The vulnerability occurs because the application improperly handles user-supplied data in the createResultElement method by using the unsafe innerHTML property to render domain search results.
Description
A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Modern Image Gallery App v1.0 within the gallery/upload.php component. The application fails to properly validate uploaded file contents. Additionally, the application preserves the user-supplied file extension during the save process. This allows an unauthenticated attacker to upload arbitrary PHP code by spoofing the MIME type as an image, leading to full system compromise.
Description
A UNIX symbolic link following issue in the jailer component in Firecracker version v1.13.1 and earlier and 1.14.0 on Linux may allow a local host user with write access to the pre-created jailer directories to overwrite arbitrary host files via a symlink attack during the initialization copy at jailer startup, if the jailer is executed with root privileges. To mitigate this issue, users should upgrade to version v1.13.2 or 1.14.1 or above.
Risk Information
cvss3
Base: 6.0
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
cvss4
Base: 6.0
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description
An information disclosure vulnerability exists in the /srvs/membersrv/getCashiers endpoint of the Aptsys gemscms backend platform thru 2025-05-28. This unauthenticated endpoint returns a list of cashier accounts, including names, email addresses, usernames, and passwords hashed using MD5. As MD5 is a broken cryptographic function, the hashes can be easily reversed using public tools, exposing user credentials in plaintext. This allows remote attackers to perform unauthorized logins and potentially gain access to sensitive POS operations or backend functions.
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=alabama-cardiovascular-group-pc' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
