South Suburban Surgical Suites Hit by Breach

The breach came via a phishing email attack.

By HFT Staff


On April 3, 2023, South Suburban Surgical Suites, LLC (South Suburban) discovered that an unauthorized third party gained access to a legacy Microsoft Office 365-hosted business email account through phishing. “Phishing” occurs when an email is sent that looks like it is from a trustworthy source, but it is not. The phishing email prompts the recipient to share or give access to certain information. Upon discovery, South Suburban immediately took action to prevent any further unauthorized activity, began an investigation, and a leading security firm was engaged. On May 1, 2023, South Suburban learned that this incident may have involved personal information. Based on the investigation, the unauthorized party was able to access the business email account between February 20, 2023 and April 3, 2023. This email account is separate from South Suburban’s internal network and systems, which were not affected by this incident. Through the review, which was completed on June 5, 2023, South Suburban determined that personal information of affected individuals was in the impacted business email account. 

Personal information involved in this incident may have included one or more of the following elements: (1) information to identify the individual (such as full name, address, and date of birth); (2) Social Security number, driver’s license/state ID number, passport number, credit card information, and/or financial account information; (3) medical and/or treatment information (such as medical record number, dates of service, provider, diagnosis or procedure information, and prescription/medication); (4) health insurance information (such as payor name and subscriber/Medicare/Medicaid number); and (5) billing and claims information. Please note that not all data elements were involved for all individuals. 

South Suburban takes privacy and security very seriously. As soon as South Suburban discovered the incident, it immediately took action to prevent any further unauthorized activity, including resetting the user password for the business email account where unauthorized activity was detected and blocking malicious IP addresses and URLs. South Suburban has enhanced and continues to enhance its security controls and monitoring practices as appropriate to minimize the risk of any similar incident in the future, and it has retired the legacy environment in which the incident occurred. 

South Suburban is providing additional information on general steps individuals can take to monitor and protect their personal information in Additional Resources at the top of this page. Individuals should carefully review credit reports and statements sent from healthcare providers and financial institutions as well as their insurance company to ensure that all account activity is valid. Any questionable charges should be promptly reported to the company which maintains the account. For individuals whose Social Security number, driver’s license/state ID number, passport number, credit card information, and/or financial account information may have been involved, South Suburban has arranged to offer free credit monitoring and identity restoration services to these individuals. 



July 19, 2023


Topic Area: Information Technology , Safety , Security


Recent Posts

Disinfectant Dispensers in Healthcare Facilities Often Fail to Deliver Safe Concentrations: Study

Study of 10 hospitals finds 90 percent have at least one dispenser delivering disinfectants at incorrect concentrations.


Duke University Health System Receives $50 Million for Proton Beam Therapy Center

The donation is the largest philanthropic gift received by Duke University Health System.


UT Southwestern Experiences Data Breach Through Calendar Tool

The incident occurred in October.


Protecting Patient Data: Strategies and Tactics

As cyber threats and breaches grow, healthcare organizations and facilities need a better approach to cybersecurity.


Duke Health to Acquire Lake Norman Regional Medical Center

The closing is projected for the first quarter of 2025.


 
 


FREE Newsletter Signup Form

News & Updates | Webcast Alerts
Building Technologies | & More!

 
 
 


All fields are required. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

 
 
 
 

Healthcare Facilities Today membership includes free email newsletters from our facility-industry brands.

Facebook   Twitter   LinkedIn   Posts

Copyright © 2023 TradePress. All rights reserved.