Goodman Campbell Brain and Spine neurology practice, based out of Indiana, suffered a security incident on May 20th, 2022, that exposed the information of 362,833 people. Shortly after they became aware, Goodman Campbell enlisted the help of an incident response team that were tasked with investigating the attack and restoring affected systems. By July 19th, operations were fully restored, but it was discovered that information obtained by the threat actors had made its way onto a criminal forum where it remained for over 10 days. Information that was accessed included names, birth dates, email addresses, medical record numbers, patient account numbers, phone numbers, physician names, treatment information, addresses, insurance information, dates of service, and Social Security numbers. Patients of the firm have been notified and are being offered free credit monitoring services.
Analyst Notes
Goodman Campbell issued a statement announcing they have reassessed their security strategy and will implement new monitoring solutions moving forward. The personal health information (PHI) that was exposed could be used to carry out various types of identity theft and fraud. Those affected by the breach should stay vigilant and report any suspicious information to the appropriate parties while also taking advantage of the free credit monitoring services being offered.
https://healthitsecurity.com/news/neurology-practice-notifies-363k-of-data-breach-phi-released-on-dark-web
