A suburban Indianapolis neurology practice is notifying 363,000 patients that their personal health information may have been compromised in a May 20 ransomware attack, Bank Info Security reported Aug. 4.
Some patient data from the ransomware attack was posted on the dark web. Goodman Campbell Brain and Spine of Carmel, Ind., notified the FBI after the attack, which affected communications systems and resulted in compromised patient information. While no perpetrator has been officially named, the Russian ransomware group Hive was implicated, according to the banking information website.
A federal advisory recently was issued about Hive, known to target healthcare.
Information compromised in the attack included patient names, dates of birth, address, telephone numbers, email addresses, medical record numbers, patient account numbers, diagnosis and treatment information, insurance information and Social Security numbers. Goodman Campbell Brain and Spine said it was unaware of misuse of the data but did provide notification that some data was posted on the dark web for about 10 days.
Goodman Campbell Brain and Spine said it is offering affected individuals 12 months of free credit and identity-monitoring services.