An Indiana based neurology practice Goodman Campbell is notifying nearly 363,000 individuals that their sensitive information was compromised in a recent ransomware attack and that some of their data was posted on the dark web.
The data breach report to Maine’s attorney general on July 19, says a sophisticated ransomware attack, which affected its computer network and communications system including email and phones resulted in a compromise to patient and employee information.
After discovering the attack, it immediately took steps to secure its systems and engaged a forensic analysis and incident response firm and notified to FBI. An investigation lead to uncover the unauthorized access by the third party of their systems.
The attacker did not access the electronic medical record system, but was able to access patient information and records in other locations on our internal network, such as appointment schedules, referral forms, and insurance eligibility documentation.
PII Information affected in the incident included names, date of birth, address, telephone number, email addresses, medical record number, patient account number, diagnosis and treatment info, physician name, insurance information, dates of service, and Social Security numbers.
Hive threat actors in June posted on its leak site samples of data allegedly obtained in the Goodman Campbell hack, according to Databreaches.net.
Goodman Campbell patient information allegedly stolen in the attack was still posted on the Hive leak site. The medical practice asserts its data was available on the dark web for only about 10 days – Sources says.
Goodman Campbell says it is offering affected individuals 12 months of complimentary identity and credit monitoring. Also, in the wake of the incident, the practice says it is implementing new monitoring solutions to protect against future cyberattacks.