South Suburban Surgical Suites, LLC

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

South Suburban Surgical Suites, LLC experienced a data breach that was first discovered on April 3, 2023, when it was found that an unauthorized third party had gained access to a legacy Microsoft Office 365-hosted business email account through phishing. The breach occurred between February 20, 2023, and April 3, 2023. The compromised email account contained personal information which may have included names, addresses, dates of birth, Social Security numbers, driver’s license/state ID numbers, passport numbers, credit card information, financial account information, medical records, dates of service, provider names, diagnosis or procedure information, prescriptions, health insurance information, and billing and claims information. Not all data elements were involved for all individuals.

Upon discovery, South Suburban took immediate action to prevent further unauthorized activity by resetting the user password for the compromised email account and blocking malicious IP addresses and URLs. They also engaged a leading security firm to conduct an investigation. The internal network and systems of South Suburban were not affected by this incident. The review of the incident was completed on June 5, 2023, and South Suburban has since retired the legacy environment where the breach occurred and has enhanced their security controls and monitoring practices.

South Suburban is offering free credit monitoring and identity restoration services to those whose sensitive information may have been involved in the breach. They have also provided additional information on steps individuals can take to monitor and protect their personal information[1][3][5].

Citations:

  1. https://www.healthcarefacilitiestoday.com/posts/details.aspx?id=28776
  2. https://www.dailyherald.com
  3. https://www.mass.gov/doc/assigned-data-breach-number-29907-south-suburban-surgical-suites-llc/download
  4. https://atriumhealth.org
  5. https://www.hipaajournal.com/healthcare-providers-and-vendors-confirm-recent-phi-disclosure-incidents/
  6. https://www.tampa-xway.com
  7. https://www.rushortho.com/locations/south-suburban-surgical-suites
  8. https://www.inquirer.com
  9. https://www.mass.gov/lists/data-breach-notification-letters-june-2023
  10. https://www.bloomhealthcenters.com
  11. https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf
  12. https://www.osha.gov/contactus/bystate
  13. https://www.in.gov/attorneygeneral/consumer-protection-division/id-theft-prevention/files/UPDATED_Data-Breach-Year-to-Date-Report-2023.pdf
  14. https://www.mcsweeneys.net/articles/the-complete-listing-atrocities-1-1-056
Breach Submission Date Jun 30, 2023
Converted Entity Name South Suburban Surgical Suites, LLC
Converted Entity Type Healthcare Provider
State IN
Individuals Affected 5,340
Breach Type Hacking/IT Incident

Breach Information Location Email

Business Associate Present Yes