Northeast Surgical Group, PC

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

On January 8, 2023, Northeast Surgical Group, PC, located in Macomb County, Michigan, detected suspicious activity within its network environment. This incident was classified as a “hacking/IT incident” and was reported to federal regulators. The breach exposed the private health information of more than 15,000 patients.

Details of the Breach

The unauthorized access to the network resulted in the exposure of sensitive patient information, including names, addresses, Social Security numbers, dates of birth, and medical and treatment information. The data was uploaded to the dark web by the ransomware group BianLian, as confirmed by a threat analyst for cybersecurity firm Emsisoft

Response and Measures Taken

Northeast Surgical Group responded to the breach by hiring cybersecurity specialists to investigate the incident. They have since implemented additional monitoring tools to enhance their security measures. The group has also offered affected patients free credit monitoring services and plans to provide fraud assistance if a patient’s identity is compromised

Legal Actions

Following the breach, Northeast Surgical Group faced a data breach class action, indicating the legal ramifications of the incident

The group began contacting individuals whose information may have been impacted on March 6, 2023, and has provided resources and instructions for those affected to enroll in credit monitoring services

Public Disclosure and Criticism

Despite the breach, Northeast Surgical Group stated that they do not have any evidence to indicate that the personal information has been or will be misused as a result of the incident. However, there has been criticism regarding the group’s delayed response and lack of transparency, as they did not initially disclose that the patients’ protected health information (PHI) was publicly dumped and available for free on the dark web

Breach Submission Date Mar 06, 2023
Converted Entity Name Northeast Surgical Group, PC
Converted Entity Type Healthcare Provider
State MI
Individuals Affected 15,298
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes