Neurosurgical Associates of New Jersey

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

Neurosurgical Associates of New Jersey, also known as Neurosurgeons of New Jersey, experienced a data security incident that was first detected on October 4, 2023, due to suspicious activity associated with one of their corporate email accounts. This incident potentially impacted the protected health information (PHI) of some patients. The organization took immediate action by implementing incident response protocols and engaging external cybersecurity experts to conduct a forensic investigation. However, the investigation could not conclusively determine whether any information in the email account was accessed or taken during the unauthorized access[1][4].

The information potentially compromised in the breach includes patient names, addresses, Social Security numbers, health insurance policy numbers, medical record numbers, patient account numbers, medical history, and treatment information. In response to the incident, Neurosurgeons of New Jersey has taken several steps to prevent future occurrences, such as conducting a global password reset and implementing multifactor authentication for any remote access to email. Additionally, they have offered credit monitoring and identity restoration services at no cost to impacted individuals whose Social Security numbers were affected[1].

The breach was officially reported to the U.S. Department of Health and Human Services Office for Civil Rights on December 4, 2023. Neurosurgeons of New Jersey began sending out data breach notification letters to all individuals whose information was affected by the incident[4]. The organization operates 11 locations throughout New Jersey and employs more than 28 people, generating approximately $7.6 million in annual revenue[4].

For those affected by the breach, it is recommended to remain vigilant for incidents of identity theft or fraud, including reviewing credit reports and financial statements for suspicious activity. Impacted individuals can also visit consumer protection websites for more information on how to protect their identity[1].

This incident underscores the importance of robust cybersecurity measures and the need for continuous vigilance to protect sensitive patient information against unauthorized access and potential cyber threats.

Citations:

  1. https://www.neurosurgeonsofnewjersey.com/data-security-incident/
  2. https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf?adobe_mc=MCMID%3D02408406485458979789220680779370557994%7CMCORGID%3DA8833BC75245AF9E0A490D4D%2540AdobeOrg%7CTS%3D1696377600
  3. https://www.medpagetoday.com/special-reports/features/107571
  4. https://www.jdsupra.com/legalnews/neurosurgeons-of-new-jersey-confirms-4963456/
  5. https://www.law.com/njlawjournal/2022/08/11/appeals-court-upholds-24-3m-jury-verdict-over-breach-of-implied-covenant-by-hospital/
  6. https://seculore.com/state/new-jersey/12-19-2023-nj-neurosurgical-associates-of-new-jersey/
  7. https://www.jdsupra.com/legalnews/data-breach-alert-new-jersey-brain-and-8133983/
  8. https://www.myinjuryattorney.com/neurosurgeons-of-new-jersey-data-breach-class-action-investigation-and-lawsuit-assistance/
  9. https://www.njcourts.gov/system/files/court-opinions/2023/atlanticneurosurgicalmotion_todismiss.pdf
  10. https://www.xitx.com/2023/12/neurosurgeons-of-new-jersey-cyberattack-lessons-about-safeguarding-patient-data/
  11. https://law.justia.com/cases/new-jersey/supreme-court/2005/a-75-03-opn.html
  12. https://law.justia.com/cases/new-jersey/appellate-division-unpublished/2022/a-2866-19.html
  13. https://healthitsecurity.com/news/nj-dialysis-center-neurosurgery-practice-both-face-cyberattacks
  14. https://casetext.com/case/comprehensive-neurosurgical-pc-v-valley-hosp-the-bd-of-trs-of-the-valley-hosp-valley-hosp-president-audrey-meyers-neurosurgical-assocs-of-nj-pc
Breach Submission Date Dec 04, 2023
Converted Entity Name Neurosurgical Associates of New Jersey
Converted Entity Type Healthcare Provider
State NJ
Individuals Affected 500
Breach Type Unauthorized Access/Disclosure

Breach Information Location Network Server

Business Associate Present Yes