Cyberattack on NS Support Exposes PHI of Nearly 93,000 Patients
NS Support LLC, a Boise, Idaho-based healthcare provider specializing in neurosurgical treatment, reported a data breach to the HHS Office for Civil Rights (OCR) on November 21, 2025, affecting 92,845 individuals. The incident stemmed from unauthorized network access detected on May 29, 2025, prompting an investigation with third-party digital forensics experts.
The breach involved the exfiltration of files containing protected health information (PHI), including patients’ first and last names and transcribed medical notes from physician appointments. Social Security numbers and financial data were not compromised, and no misuse of the exposed information has been identified.
Following the discovery, NS Support took immediate action, wiping and rebuilding affected systems while implementing additional security measures. The organization is also reviewing and updating its data security policies and network software to prevent future incidents.
Notification letters were mailed to impacted individuals on November 21, 2025. Due to the nature of the exposed data, credit monitoring services were not offered, though patients were advised on precautionary steps, such as placing fraud alerts on their credit files.
Source: https://www.hipaajournal.com/ns-support-data-breach/
N S DEVELOPMENT LLC cybersecurity rating report: https://www.rankiteo.com/company/ns-development
"id": "NS-1765987062",
"linkid": "ns-development",
"type": "Cyber Attack",
"date": "5/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '92,845',
'industry': 'Healthcare',
'location': 'Boise, Idaho, USA',
'name': 'NS Support LLC',
'type': 'Healthcare Provider'}],
'attack_vector': 'Hacking',
'customer_advisories': 'Patients advised on steps to take if concerned about '
'potential misuse of personal information, such as '
'placing a fraud alert on their credit file',
'data_breach': {'data_exfiltration': 'Yes',
'number_of_records_exposed': '92,845',
'personally_identifiable_information': 'First and last names, '
'medical notes from '
'physician '
'appointments',
'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Protected Health Information '
'(PHI)'},
'date_detected': '2025-05-29',
'date_publicly_disclosed': '2025-11-21',
'description': 'NS Support LLC, a Boise, Idaho-based healthcare provider '
'specializing in neurosurgical treatment, reported a '
'hacking-related data breach affecting up to 92,845 '
'individuals. Unauthorized access to its computer network was '
'detected on or around May 29, 2025, with files exfiltrated '
'containing protected health information.',
'impact': {'data_compromised': 'Protected Health Information (PHI)',
'identity_theft_risk': 'Potential',
'payment_information_risk': 'None',
'systems_affected': 'Computer network'},
'investigation_status': 'Completed',
'post_incident_analysis': {'corrective_actions': 'Systems wiped and rebuilt; '
'additional security '
'measures implemented; data '
'security policies under '
'review'},
'ransomware': {'data_exfiltration': 'Yes'},
'recommendations': 'Review and strengthen data security policies and '
'procedures; assess network security software; provide '
'guidance to patients on fraud alerts',
'references': [{'source': 'HIPAA Journal'}],
'regulatory_compliance': {'regulations_violated': 'HIPAA',
'regulatory_notifications': 'Reported to HHS Office '
'for Civil Rights '
'(OCR)'},
'response': {'communication_strategy': 'Notification letters mailed to '
'affected individuals',
'containment_measures': 'Affected systems were wiped and rebuilt',
'remediation_measures': 'Additional security measures '
'implemented; data security policies and '
'procedures under review; network '
'security software being assessed',
'third_party_assistance': 'Digital forensics specialists'},
'title': 'PHI of Almost 93,000 Patients Compromised in Cyberattack on NS '
'Support',
'type': 'Data Breach'}