The Neurology Center of Nevada suffered a data breach between June 12, 2022, and July 17, 2022, as reported by the Vermont Office of the Attorney General on November 11, 2022. Unauthorized actors potentially accessed sensitive patient information, including full names, addresses, dates of birth, health insurance details, medical records, and for a limited number of individuals Social Security numbers. The breach exposed highly confidential data, raising concerns over identity theft, financial fraud, and misuse of medical histories. While the exact number of affected individuals was not specified, the inclusion of Social Security numbers and protected health information (PHI) significantly elevates the risk of long-term harm, including medical identity theft and targeted phishing attacks. The incident underscores vulnerabilities in healthcare data security, particularly in specialized medical practices handling sensitive patient records. No immediate evidence suggested the data was exfiltrated for ransom or malicious exploitation beyond unauthorized access, but the exposure of such critical details warrants heightened monitoring for affected individuals. The breach aligns with broader trends of cyber threats targeting healthcare providers, where patient data remains a prime target for cybercriminals.
Source: https://ago.vermont.gov/document/2022-11-11-neurology-center-nevada-notice-consumer
TPRM report: https://www.rankiteo.com/company/neurology-center-of-las-vegas
"id": "neu238090225",
"linkid": "neurology-center-of-las-vegas",
"type": "Breach",
"date": "6/2022",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Limited number of individuals',
'industry': 'Healthcare',
'location': 'Nevada, USA',
'name': 'Neurology Center of Nevada',
'type': 'Healthcare Provider'}],
'data_breach': {'data_exfiltration': 'Potential (unconfirmed if data was '
'exfiltrated)',
'number_of_records_exposed': 'Limited number (exact count '
'unspecified)',
'personally_identifiable_information': True,
'sensitivity_of_data': 'High (includes SSNs, medical, and '
'insurance data)',
'type_of_data_compromised': ['Personal Identifiable '
'Information (PII)',
'Protected Health Information '
'(PHI)']},
'date_publicly_disclosed': '2022-11-11',
'description': 'The Vermont Office of the Attorney General reported that '
'Neurology Center of Nevada experienced a data breach where '
'patient information may have been accessed between June 12, '
'2022, and July 17, 2022. The affected information could '
'include full names, addresses, dates of birth, health '
'insurance information, medical information, and potentially '
'Social Security numbers for a limited number of individuals.',
'impact': {'data_compromised': ['Full names',
'Addresses',
'Dates of birth',
'Health insurance information',
'Medical information',
'Social Security numbers (limited)'],
'identity_theft_risk': 'Potential (due to exposed PII)'},
'initial_access_broker': {'reconnaissance_period': 'Potential period: '
'2022-06-12 to 2022-07-17'},
'investigation_status': 'Ongoing or undisclosed',
'references': [{'date_accessed': '2022-11-11',
'source': 'Vermont Office of the Attorney General'}],
'regulatory_compliance': {'regulations_violated': ['Potential HIPAA violation '
'(unconfirmed)'],
'regulatory_notifications': 'Reported to Vermont '
'Office of the Attorney '
'General'},
'response': {'communication_strategy': 'Public disclosure via Vermont Office '
'of the Attorney General'},
'title': 'Data Breach at Neurology Center of Nevada',
'type': 'Data Breach'}