Cybersecurity Breach at Southern Oregon Neurosurgical Clinic Leads to Lawsuit
A former patient has filed a $5 million lawsuit against Southern Oregon Neurosurgical & Spine Associates (SONSA) in Medford, Oregon, following a November cyberattack that exposed sensitive patient data. The plaintiff alleges the clinic failed to promptly notify affected individuals and maintained inadequate cybersecurity protections, potentially violating HIPAA regulations.
SONSA confirmed the breach stemmed from a phishing attack, compromising names, dates of birth, insurance details, and medical records. CEO Kamee Wearden stated that IT teams contained the incident quickly, minimizing further exposure. However, the plaintiff expressed lingering distrust, citing concerns over privacy protections and the clinic’s handling of the incident.
As of now, SONSA reports no evidence that the stolen data has been misused. The lawsuit highlights ongoing risks in healthcare cybersecurity and the legal consequences of delayed breach notifications.
Source: https://kobi5.com/news/local-news/southern-oregon-neurosurgery-clinic-sued-over-data-breach-293709/
Preferred Realty of Southern Oregon cybersecurity rating report: https://www.rankiteo.com/company/preferred-realty-of-southern-oregon
"id": "PRE1770865338",
"linkid": "preferred-realty-of-southern-oregon",
"type": "Breach",
"date": "11/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Patients',
'industry': 'Healthcare',
'location': 'Medford, Oregon',
'name': 'Southern Oregon Neurosurgical & Spine '
'Associates (SONSA)',
'type': 'Healthcare Clinic'}],
'attack_vector': 'Phishing',
'data_breach': {'personally_identifiable_information': 'Names, dates of '
'birth, insurance '
'details',
'sensitivity_of_data': 'High (medical records, insurance '
'details)',
'type_of_data_compromised': 'Patient data'},
'date_detected': '2023-11',
'description': 'A former patient has filed a $5 million lawsuit against '
'Southern Oregon Neurosurgical & Spine Associates (SONSA) in '
'Medford, Oregon, following a November cyberattack that '
'exposed sensitive patient data. The plaintiff alleges the '
'clinic failed to promptly notify affected individuals and '
'maintained inadequate cybersecurity protections, potentially '
'violating HIPAA regulations.',
'impact': {'brand_reputation_impact': 'Lingering distrust among patients',
'data_compromised': 'Names, dates of birth, insurance details, '
'medical records',
'financial_loss': '$5,000,000 (lawsuit demand)',
'legal_liabilities': 'Potential HIPAA violations'},
'post_incident_analysis': {'root_causes': 'Phishing attack, inadequate '
'cybersecurity protections'},
'references': [{'source': 'Cyber Incident Description'}],
'regulatory_compliance': {'legal_actions': 'Lawsuit filed',
'regulations_violated': 'Potential HIPAA '
'violations'},
'response': {'containment_measures': 'IT teams contained the incident '
'quickly'},
'title': 'Cybersecurity Breach at Southern Oregon Neurosurgical Clinic',
'type': 'Data Breach'}