The private health information of more than 15,000 patients was exposed after a Michigan surgical group was hacked.
The physician practice, Northeast Surgical Group, reported the breach to federal regulators Monday and classified it as a “hacking/IT incident,” public records show.
It appears that patient information was uploaded to the dark web by ransomware group BianLian, Brett Callow, a threat analyst for cybersecurity firm Emsisoft, confirmed for Healthcare Dive.
Northeast Surgical Group said it “does not have any evidence to indicate that any personal information has been or will be misused as a result of this incident,” according to an online statement.
The surgical practice said it detected “suspicious activity within its network environment” on Jan. 8, which prompted the group to hire cybersecurity specialists to investigate.
Investigators discovered that an unknown party was able to view addresses, Social Security numbers, birth dates and medical and treatment information.
The physician group said it is offering affected patients free credit monitoring services. The group plans to provide fraud assistance if a patient’s identity is compromised.