Northeast Surgical Group, PC
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
On January 8, 2023, Northeast Surgical Group, PC, located in Macomb County, Michigan, detected suspicious activity within its network environment. This incident was classified as a “hacking/IT incident” and was reported to federal regulators. The breach exposed the private health information of more than 15,000 patients.
Details of the Breach
The unauthorized access to the network resulted in the exposure of sensitive patient information, including names, addresses, Social Security numbers, dates of birth, and medical and treatment information. The data was uploaded to the dark web by the ransomware group BianLian, as confirmed by a threat analyst for cybersecurity firm Emsisoft
Response and Measures Taken
Northeast Surgical Group responded to the breach by hiring cybersecurity specialists to investigate the incident. They have since implemented additional monitoring tools to enhance their security measures. The group has also offered affected patients free credit monitoring services and plans to provide fraud assistance if a patient’s identity is compromised
Legal Actions
Following the breach, Northeast Surgical Group faced a data breach class action, indicating the legal ramifications of the incident
The group began contacting individuals whose information may have been impacted on March 6, 2023, and has provided resources and instructions for those affected to enroll in credit monitoring services
Public Disclosure and Criticism
Despite the breach, Northeast Surgical Group stated that they do not have any evidence to indicate that the personal information has been or will be misused as a result of the incident. However, there has been criticism regarding the group’s delayed response and lack of transparency, as they did not initially disclose that the patients’ protected health information (PHI) was publicly dumped and available for free on the dark web