Northwest Medical Specialties PLLC (NWMS)

Northwest Medical Specialties PLLC (NWMS), a Washington-based physician-owned healthcare practice, suffered a data breach after an unauthorized actor accessed its network on August 18, 2025. The investigation confirmed that personal patient information (PII and PHI) including names, dates of birth, Social Security numbers, health insurance details, and medical records was possibly copied by the hacker. The breach impacted 3,846 patients, prompting disclosures to the U.S. Department of Health and Human Services (HHS) and the Washington Attorney General’s office on August 28, 2025. NWMS began notifying affected individuals via mail on September 3, 2025, offering 12 months of free TransUnion Cyberscout credit monitoring and identity protection services as mitigation. The breach exposes victims to risks of identity theft, financial fraud, and phishing attacks, with long-term reputational and operational consequences for the healthcare provider. The incident underscores vulnerabilities in safeguarding sensitive health data, potentially violating HIPAA compliance and eroding patient trust.

Source: https://www.claimdepot.com/data-breach/northwest-medical-specialties-2025

TPRM report: https://www.rankiteo.com/company/nwms

"id": "nwm4172041090625",
"linkid": "nwms",
"type": "Breach",
"date": "8/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': '3,846 patients',
                        'industry': 'Healthcare',
                        'location': 'Washington, USA',
                        'name': 'Northwest Medical Specialties PLLC (NWMS)',
                        'type': 'Healthcare Practice'}],
 'customer_advisories': 'Notified via mail with recommendations for credit '
                        'monitoring and fraud prevention',
 'data_breach': {'data_exfiltration': 'Possibly copied by the hacker',
                 'number_of_records_exposed': '3,846',
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'High (PII and PHI)',
                 'type_of_data_compromised': ['Names',
                                              'Dates of birth',
                                              'Social Security numbers',
                                              'Health insurance information',
                                              'Medical records']},
 'date_detected': '2025-08-18',
 'date_publicly_disclosed': '2025-08-28',
 'description': 'Northwest Medical Specialties PLLC (NWMS), a physician-owned '
                'healthcare practice based in Washington, experienced a data '
                'breach on August 18, 2025. An unauthorized actor accessed '
                'data stored on its network, potentially copying personal '
                'patient information, including PII and PHI. The breach '
                'affected 3,846 patients, with notifications sent out on '
                'September 3, 2025. NWMS is offering 12 months of free credit '
                'monitoring and identity protection services to affected '
                'individuals.',
 'impact': {'brand_reputation_impact': 'Potential reputational harm due to '
                                       'exposure of sensitive patient data',
            'data_compromised': ['Personally Identifiable Information (PII)',
                                 'Protected Health Information (PHI)'],
            'identity_theft_risk': 'High (due to exposure of SSNs, medical '
                                   'records, and insurance information)',
            'legal_liabilities': 'Disclosure to U.S. Department of Health and '
                                 'Human Services and Washington Attorney '
                                 "General's office",
            'systems_affected': ['Network storage']},
 'initial_access_broker': {'high_value_targets': ['Patient PII and PHI']},
 'investigation_status': 'Completed (determined data was accessed and possibly '
                         'copied)',
 'recommendations': ['Sign up for the free credit monitoring services provided '
                     'by NWMS.',
                     'Monitor credit reports and financial accounts for '
                     'unusual activity.',
                     'Be alert for phishing emails or calls exploiting exposed '
                     'information.',
                     'Consider placing a fraud alert or credit freeze with '
                     'major credit bureaus.'],
 'references': [{'source': 'Northwest Medical Specialties PLLC Breach '
                           'Notification'},
                {'source': 'Northwest Medical Specialties Website'}],
 'regulatory_compliance': {'regulatory_notifications': ['U.S. Department of '
                                                        'Health and Human '
                                                        'Services',
                                                        'Washington Attorney '
                                                        "General's office"]},
 'response': {'communication_strategy': 'Notified affected individuals via '
                                        'mail (starting September 3, 2025) and '
                                        'disclosed to regulatory bodies '
                                        '(August 28, 2025)',
              'incident_response_plan_activated': True,
              'recovery_measures': 'Offered 12 months of free TransUnion '
                                   'Cyberscout single-bureau credit monitoring '
                                   'and identity protection services to '
                                   'affected individuals'},
 'threat_actor': 'Unauthorized actor',
 'title': 'Northwest Medical Specialties PLLC Data Breach',
 'type': 'Data Breach'}