161K-Record Data Breach Reported by Long Island Plastic Surgical Group

November 3, 2024HIPAA News0

New York-based Long Island Plastic Surgical Group reported a hacking incident to the HHS’ Office for Civil Rights at the beginning of this year. The incident affected the protected health information (PHI) of 161,707 people, who may be patients from the 13 plastic surgery centers under the Long Island Plastic Surgical Group.

The group published a substitute breach notice mentioning that external cybersecurity experts investigated the incident and confirmed the network attack from January 4, 2024 to January 8, 2024. A limited amount of patient information was exfiltrated from its network. The file analysis was done on September 15, 2024, and confirmed the theft of full names along with a few or all of these data elements: birth date, Social Security number, passport number, driver’s license number/state ID number, financial account details, medical data, biometric data, medical insurance policy data, and clinical images.

Long Island Plastic Surgical Group stated it did not receive any information on improper use of breached data resulting from the incident; nevertheless, as a safety measure, people who had their Social Security numbers involved were provided free credit monitoring services. According to Long Island Plastic Surgical Group, many safety measures for patient data protection have been implemented. Internal controls will still be evaluated and modified to further improve protection.

Long Island Plastic Surgical Group’s notification letter did not say if the incident was due to a ransomware attack. Nevertheless, the Radar threat group said that it was responsible for the attack. A member of the Radar threat group claimed it executed the attack together with the ALPHV threat group. ALPHV was in charge of the intrusion while Radar handled the data extraction. Radar mentioned that ALPHV got the ransom payment but ALPHV did not pay their cut of the ransom. Radar then made its own ransom demand to keep them from exposing the stolen information; then again, Radar did not get any ransom payment. Recent news stated that the Federal Bureau of Investigation (FBI) had taken over the Radar data leak site.

About Thomas Brown
Thomas Brown worked as a reporter for several years on ComplianceHome. Thomas is a seasoned journalist with several years experience in the healthcare sector and has contributed to healthcare and information technology news publishers. Thomas has a particular interest in the application of healthcare information technology to better serve the interest of patients, including areas such as data protection and innovations such as telehealth. Follow Thomas on X https://x.com/Thomas7Brown

ComplianceHome is a registered trademark. Copyright © 2024 ComplianceHome. All rights reserved.