On April 9th, 2024, Angels Neurological Centers in Massachusetts identified suspicious activity in its computer systems. The organization quickly contained the attack and engaged third-party cybersecurity professionals to investigate the incident.
The forensic investigation revealed that the unauthorized actor had gained access to files containing patient information on several occasions between March 3rd and April 9th, 2024. The exposed data varied from individual to individual and included sensitive information such as names, addresses, birth dates, medical records, diagnoses, treatment details, insurance information, and Social Security numbers.
Angels Neurological Centers notified the affected individuals by mail on June 5th, 2024, detailing the incident and the types of information that may have been compromised. The organization emphasized the steps they are taking to mitigate any potential harm caused by the breach.
Additionally, the organization reported the breach to regulators, ensuring that the incident was officially documented and investigated. At the time of notification, the breach was not yet listed on the HHS’ Office for Civil Rights breach portal. The organization continues to work with cybersecurity experts to strengthen its defenses and prevent future incidents.
Reference:
