Neurosurgical Associates of New Jersey Breach Leaves Confidential Data Vulnerable
Neurosurgical Associates of New Jersey, an American medical center, recently announced a security breach in which an unauthorized actor accessed the email account of one of the company’s employees and is believed to have subsequently extracted confidential patient data from the organization’s system.
The exact number of victims has not been disclosed, but it is undoubtedly in the thousands, considering that the medical center operates 11 clinics throughout New Jersey and generates about $7.5 million in revenue annually.
The compromised information includes names, addresses, social security numbers, medical insurance policy numbers, medical record numbers, patient account numbers, medical histories, and complete treatment details.
According to the information provided, the company detected suspicious activity in its corporate email account on October 4, 2023, two months before the incident was publicly disclosed. In response, it took measures to secure the system and opened an investigation in collaboration with external cybersecurity experts.
“We are in the process of reviewing documents present in the account at the time of the unauthorized access to identify any personal information that may have been present. However, information stored in the email account may have included some combination of patient names, addresses, Social Security numbers, health insurance policy numbers, medical record numbers, patient account numbers, medical history, and treatment information.”
All patients of the medical center whose data could have been accessed from the compromised account have already been notified via email of any potential risks.
On the incident page, the company advised affected individuals to vigilantly monitor their financial transactions and visit the FTC website for recommendations to protect against identity theft.
The company assures that it has taken all possible measures to prevent similar incidents in the future, including conducting a global password reset and implementing multi-factor authentication.
Furthermore, the company will provide free credit monitoring and other related services to any clients who experience malicious use of their data.