Indiana’s Goodman Campbell Brain and Spine neurology institution discloses a data breach incident that exposed the protected health information (PHI) of over 360,000 individuals on the dark web.
Although there is no mentioned ransomware group linked with the attack, researchers believe that the notorious Hive group could be involved due to their aggressive cyberattacks against the healthcare industry in the US.
The computer network and communications system of Goodman Campbell suffered from the ransomware attack last May 20. This incident affected the email addresses and mobile devices associated with the neurology institution, including patients’ and employees’ sensitive information.
The FBI, alongside a cybersecurity forensic analysts team, had been contacted when the firm learned about the attack. Based on initial investigations, unauthorised third-party entities have hacked into Goodman Campbell’s systems to steal a massive amount of sensitive data.
Included in the compromised PHI were patient records, appointment schedules, and insurance details. However, the neurology institution noted that its electronic medical record system was unaffected.
Goodman Campbell also detailed that the compromised information from the incident includes full names, birthdates, home addresses, contact details, email addresses, medical and patient record numbers, treatment information, physician names, service dates, and Social Security numbers.
From the notification letter sent by the neurology institution to the affected individuals, there is no indication that the compromised PHI was used for malicious activities. Though, they added that these exposed data had been posted on the dark web for about ten days.
Last June, analysts observed that the Hive ransomware group had posted samples on their leak site allegedly stolen from Goodman Campbell. Some sources backed this information after revealing that the neurology institution’s leaked data are still up and posted on Hive’s site.
All affected people are provided complimentary identity and credit monitoring due to the concerns raised by the ransomware incident. Goodman Campbell also stated that they had launched new security monitoring solutions to strengthen their cybersecurity.
