Neurosurgical Associates of New Jersey recently experienced a data security incident that may have impacted protected health information (PHI) of some of the patients to whom we provide services. We are in the process of notifying any impacted patients directly, and have provided more information about what occurred and what we are doing in response below.
What Happened?
On October 4, 2023, we became aware of suspicious activity associated with one of our corporate email accounts. We immediately implemented our incident response protocols and engaged external cybersecurity experts to conduct a forensic investigation to help us determine what occurred and whether any personal information was at risk. The investigation was unable to determine whether any information in the email account was accessed or taken during the unauthorized access. Out of an abundance of caution, we decided to review all documents present in the email account at the time of the unauthorized access for any personal information.
What Information Was Involved?
We are in the process of reviewing documents present in the account at the time of the unauthorized access to identify any personal information that may have been present. However, information stored in the email account may have included some combination of patient names, addresses, Social Security numbers, health insurance policy numbers, medical record numbers, patient account numbers, medical history, and treatment information.
What we are doing:
We have taken steps to prevent a similar incident in the future, including conducting a global password reset and implementing multifactor authentication on any remote access to email. We will also offer impacted individuals whose Social Security number was affected credit monitoring and identity restoration services at no cost.
What You Can Do:
It is always a good idea to remain vigilant for incidents of identity theft or fraud, including reviewing credit reports and financial statements for suspicious activity. Individuals can also visit https://consumer.ftc.gov/features/identity-theft for more information on how to protect their identity.
For more information:
If you have any questions or concerns, please call 1-833-603-4314, Monday through Friday from 8:00 a.m. to 8:00 p.m. Eastern Time. The privacy and security of patient information is important to us, and we will continue to take steps to protect information in our care.