Village Heart & Vein Center Data Breach 2026: 687 Florida Cardiology Patients Exposed via Email Compromise. What To Do
Village Heart Seller, PC (d/b/a Village Heart & Vein Center), a small cardiology and vein practice in The Villages, Florida, filed an HHS OCR breach on April 3, 2026 affecting 687 patients via an email account compromise. Patient base skews elderly retirees. No entity notice or class action filings have surfaced. Here is what to do.
You have options. Scroll for the exact action steps, what your provider’s response covers, and what your health data needs beyond credit monitoring.
Timeline
Apr 3, 2026
HHS OCR filing (discovery date, intrusion window, and notification dates not publicly disclosed; HIPAA places discovery within 60 days prior)
Apr 3, 2026
Attacker gained access
Apr 3, 2026
Breach detected
Apr 3, 2026
HHS OCR filing (discovery date, intrusion window, and notification dates not publicly disclosed; HIPAA places discovery within 60 days prior)
Apr 3, 2026
Attacker gained access
Apr 3, 2026
Breach detected
Data exposed
02
Health records
Don't expire and can't be reissued
03
Contact & insurance
Phishing + targeted scams
Your action plan, in five steps.
You have more rights than the notification letter explains. Each step below is a concrete thing you can do today. Full detail and timing in the sections that follow.
01
Accept credit monitoring
It’s the floor of the response. Take it.
02
Freeze your credit
Free at Equifax, Experian, TransUnion.
03
File IRS Form 14039
Prevent fraudulent tax return under your SSN.
04
Review your EOBs
Insurance statements catch medical identity theft early.
05
Stop the ongoing flow
Credit monitoring doesn’t cover your health records. HealthConsent does.
What happened
Village Heart Seller, PC, doing business as Village Heart & Vein Center, is a small cardiology and vein practice at 8575 NE 138th Lane, Lady Lake, Florida — in The Villages retirement community in Sumter County. A second location operates in Leesburg, FL. The practice’s services include cardiology, electrophysiology, vascular / peripheral artery disease, and vein disease management. Providers include Dr. Georg Couturier MD FACC (founder, German-trained, Beth Israel NYC fellowship), Dr. Saroj Tampira, and Dr. Joel Garcia MD.
(The “Seller, PC” suffix in the legal entity name is unusual and may indicate a recent corporate transaction or sale-related shell entity. The practice’s public-facing name is Village Heart & Vein Center.)
The practice filed with HHS OCR on April 3, 2026 — Hacking/IT Incident at Email — confirming 687 affected individuals. Under HIPAA’s 60-day notification rule, the underlying incident discovery was likely between early February and early April 2026.
The “Email” classification is consistent with business email compromise (BEC) or phishing-driven mailbox takeover. Small-practice email breaches at this scale typically involve one-to-few mailbox compromises rather than full network intrusion. No ransomware group has publicly claimed responsibility.
Why this page is sparse
As of mid-May 2026, no entity notice has been posted on villageheartandvein.com. No press release, substitute notice in local Florida papers (The Villages Daily Sun, Ocala Star-Banner, Lake and Sumter Style), HIPAA Journal coverage, or class action investigation has surfaced. Florida does not maintain a public AG breach portal. Maine AG and Massachusetts AG portals show no entries.
The HHS OCR row is the only public artifact. This is normal for a sub-1,000-individual BEC incident at a small specialty practice that does not draw plaintiff-firm attention.
A particularly vulnerable patient population
Village Heart & Vein Center serves The Villages retirement community — a patient population skewing heavily elderly. Secondary harms from medical-data exposure compound underlying frailty:
- Many patients may not regularly check credit reports
- Cognitive impairment can delay recognition of identity theft
- Family caregivers often manage paperwork on the patient’s behalf
- Medicare fraud (cardiology and vascular procedures are high-dollar Medicare claims) is a particular risk
What was potentially exposed
Specific PHI categories are not entity-confirmed. For an email-only compromise at a cardiology practice, the typical exposure profile includes:
- Patient name, date of birth, address
- Health insurance information
- Appointment correspondence
- Cardiology consult letters
- EKG / echocardiogram report PDFs (sent to referring PCPs)
- Vascular ultrasound / varicose vein imaging reports
- Possibly SSN (if it appeared in attachments such as insurance verification or DME enrollment paperwork)
Full EMR data is almost certainly not in scope — email is a separate compartment from clinical record systems.
If you receive a Village Heart & Vein Center notification letter, that letter will list the specific data elements involved in your case.
What Village Heart & Vein Center is offering
Public information on remediation is not available. Read your specific notification letter for credit monitoring vendor, duration, and call center details.
Practice contact: 352-674-2080 or [email protected].
What to do
- Call Village Heart & Vein Center at 352-674-2080 to ask whether you have been notified and what monitoring is being offered.
- If you are a family member or caregiver of a Village Heart patient, monitor their statements on their behalf. Secondary identity theft against elderly patients is often noticed only by family members.
- Watch their Medicare Summary Notice for unfamiliar cardiology, vascular, or vein procedure claims.
- Place free credit freezes at Equifax, Experian, TransUnion as a baseline precaution.
- Stop the ongoing flow of your cardiology and vascular records. HealthConsent files HIPAA restriction requests covering cardiology, vascular, and specialty-care pathways.
Continue reading
Credit monitoring covers your wallet. HealthConsent covers your health records.
Your stolen diagnoses, test results, and medical record numbers don’t expire when the free credit-monitoring window ends. HealthConsent automates HIPAA restriction requests and opt-outs across providers, insurers, HIEs, and prescription networks so the data taken in this breach can’t keep being shared and sold by other entities downstream.
Protect my health dataCancel anytime · Family plan covers spouses + dependents
Sources & further reading
- Village Heart & Vein Center Homepage
- Healthgrades: Villages Heart & Vein Center Lady Lake FL
- Dr. Georg Couturier Provider Profile
- HHS OCR Breach Portal (primary source)
Official HHS OCR Breach Portal: ocrportal.hhs.gov
About this page
This page is compiled from public regulatory filings, the breached entity’s own disclosures, and reporting from established healthcare-privacy outlets. Some sections are assembled with the help of automated research and may contain errors, summaries that lag the underlying source, or details that have since been revised. Treat it as a starting point, not legal advice or an authoritative record. If you spot something inaccurate, the linked sources above are the canonical record. For questions about your individual situation, contact the breached entity directly or consult a licensed attorney.