South Suburban Surgical Suites Hit by Breach

The breach came via a phishing email attack.

By HFT Staff


On April 3, 2023, South Suburban Surgical Suites, LLC (South Suburban) discovered that an unauthorized third party gained access to a legacy Microsoft Office 365-hosted business email account through phishing. “Phishing” occurs when an email is sent that looks like it is from a trustworthy source, but it is not. The phishing email prompts the recipient to share or give access to certain information. Upon discovery, South Suburban immediately took action to prevent any further unauthorized activity, began an investigation, and a leading security firm was engaged. On May 1, 2023, South Suburban learned that this incident may have involved personal information. Based on the investigation, the unauthorized party was able to access the business email account between February 20, 2023 and April 3, 2023. This email account is separate from South Suburban’s internal network and systems, which were not affected by this incident. Through the review, which was completed on June 5, 2023, South Suburban determined that personal information of affected individuals was in the impacted business email account. 

Personal information involved in this incident may have included one or more of the following elements: (1) information to identify the individual (such as full name, address, and date of birth); (2) Social Security number, driver’s license/state ID number, passport number, credit card information, and/or financial account information; (3) medical and/or treatment information (such as medical record number, dates of service, provider, diagnosis or procedure information, and prescription/medication); (4) health insurance information (such as payor name and subscriber/Medicare/Medicaid number); and (5) billing and claims information. Please note that not all data elements were involved for all individuals. 

South Suburban takes privacy and security very seriously. As soon as South Suburban discovered the incident, it immediately took action to prevent any further unauthorized activity, including resetting the user password for the business email account where unauthorized activity was detected and blocking malicious IP addresses and URLs. South Suburban has enhanced and continues to enhance its security controls and monitoring practices as appropriate to minimize the risk of any similar incident in the future, and it has retired the legacy environment in which the incident occurred. 

South Suburban is providing additional information on general steps individuals can take to monitor and protect their personal information in Additional Resources at the top of this page. Individuals should carefully review credit reports and statements sent from healthcare providers and financial institutions as well as their insurance company to ensure that all account activity is valid. Any questionable charges should be promptly reported to the company which maintains the account. For individuals whose Social Security number, driver’s license/state ID number, passport number, credit card information, and/or financial account information may have been involved, South Suburban has arranged to offer free credit monitoring and identity restoration services to these individuals. 



July 19, 2023


Topic Area: Information Technology , Safety , Security


Recent Posts

Waco Family Medicine Achieves Savings and Bold Design with Wood Selections

Case study: The healthcare facility incorporated over 25,000 square feet of wood and saved over $400,000.


Alleged Ransomware Administrator Extradited from South Korea

The Phobos ransomware has been used globally to target over 1,000 organizations, including healthcare.


Design Plans Unveiled for New Intermountain St. Vincent Regional Hospital

The new hospital will be a 14-floor, 737,000 square-foot facility in Billings, Montana.


Ground Broken on New Pediatric Health Campus in Dallas

The new campus will replace the existing Children’s Medical Center Dallas.


Pre-Construction Strategies for Successful Facilities Projects

Savvy decisions can help facilities meet long-term goals by creating consistency and eliminating waste.


 
 


FREE Newsletter Signup Form

News & Updates | Webcast Alerts
Building Technologies | & More!

 
 
 


All fields are required. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

 
 
 
 

Healthcare Facilities Today membership includes free email newsletters from our facility-industry brands.

Facebook   Twitter   LinkedIn   Posts

Copyright © 2023 TradePress. All rights reserved.