DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Update: Goodman Campbell Brain and Spine ransomware incident affected 362,833 patients and employees

Posted on August 5, 2022 by Dissent

On June 9, DataBreaches reported that Goodman Campbell Brain & Spine in Indiana had apparently become a ransomware victim of Hive threat actors on or about May 20. The threat actors added the medical practice to their dedicated leak site on June 8 and leaked a “proofpack” that contained passwords for accounts as well as personal and financial information on doctors. The leak also included information on named patients with their diagnoses and procedures, with some insurance information. As DataBreaches noted in that report, the medical practice had already disclosed the incident on their own website.

On July 19, Goodman Campbell updated their website notice again and sent out notification letters to individuals. In a submission to the Maine Attorney General’s Office filed by their counsel at Hall, Render, Killian, Heath & Lyman, P.C., Mark Swearingen indicated that a total of 362,833 persons were affected. The submission does not break down how many of those were employees and how many were patients, and the medical group’s report is not yet displayed on HHS’s public tool to give us the number of patients affected.  What we do know from Goodman Campbell’s disclosures are that the data types for any patient might include their name, date of birth, address, telephone number, email addresses, medical record number, patient account number, diagnosis and treatment information, physician name, insurance information, date(s) of service, and Social Security number.

But the July 19th letter to those affected, provided to the state as a copy of what was sent to those affected contains a curious statement:

While we have no indication that the information of any impacted individuals has been used inappropriately as a result of this incident, we do know that some information acquired by the attacker was made available for approximately 10 days on the Dark Web, which is a portion of the internet that cannot be found by search engines and is not viewable in a standard web browser and is commonly used in these types of attacks.

That statement is not mirrored in their July 19th website update. Nor is it accurate.

In a June 17 update on the Goodman Campbell’s site, they wrote:

While our investigation with forensic experts and law enforcement officials is still ongoing, we have determined that a number of files obtained by the cyber criminals during the course of this cyber-attack have been posted on the dark web.

That statement was accurate. So where did Goodman Campbell get the idea that data may only have been exposed for 10 days? As of a check yesterday, the data from the proofpack posted on June 8 are still freely available.

A listing for Goodman Campbell Brain & Spine remains unchanged on Hive’s dark web leak site as of August 5.

DataBreaches emailed Goodman Campbell yesterday to inquire why they claimed data was on the dark web for (only?) 10 days.  No reply was received.

DataBreaches will continue to monitor dark web sites including Hive’s to see if there is a major data leak from this incident at some point. It would not be unusual for Hive to do a full data leak or dump months after an entity refused to pay ransom.

But even if Hive does not dump more data than they have already leaked, patients and employees of Goodman Campbell should understand that their personal and protected health information is still in the hands of criminals who may dump it or misuse it at any moment.  Goodman Campbell appears to be offering those affected one year of complimentary credit report monitoring through TransUnion. That provides the ability to check your credit report to determine if there are any suspicious changes, but it’s not the same as monitoring dark web sites to see if your name or identity information has shown up anywhere.

In this type of situation where patients and employees may not know when the situation changes, it might be prudent to consider putting a security freeze on your credit report so that new accounts requiring the use of a Social Security number cannot be opened if the lender does a credit report check.

Related posts:

  • Goodman Campbell Brain and Spine alerts patients to ransomware attack while continuing to provide care
  • Kept in the Dark — Meet the Hired Guns Who Make Sure School Cyberattacks Stay Hidden
  • Lake Charles Memorial Health system victim of cyberattack and data leak by Hive
  • Hive Ransomware’s infrastructure seized; law enforcement “hacked the hackers”
Category: Breach IncidentsCommentaries and AnalysesHealth DataMalwareOf Note

Post navigation

← UK: Former health adviser found guilty of illegally accessing patient records
Malaysian minister says amendments to PDPA in the works after repeated data breached →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Kansas City Man Pleads Guilty for Hacking a Non-Profit
  • British national “IntelBroker” charged with causing $25 million in damages; U.S. seeks his extradition from France
  • France issues press statement about arrest of ShinyHunters members
  • Patients Allege Home Delivery Pharmacy Failed to Timely Notify Them of Data Breach
  • Hackers breach Norwegian dam, open valve at full capacity
  • Patient death at London hospital linked to cyber attack on NHS
  • ShinyHunters and team members arrested in France (2)
  • Texas Enacts Liability Shield From Punitive Damages for Certain Small Businesses That Adopt Cybersecurity Programs
  • Dublin ETB fined €125,000 for data protection breaches
  • From $5,000 to $800,000: Days Apart, OCR Security Settlements Show Puzzling Math

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • How Internet of Things devices affect your privacy – even when they’re not yours
  • Sky Views Personal Data as a Potential Weapon in IPTV Piracy War
  • Florida Used a Nationwide Surveillance Camera Network 250 Times To Aid in Immigration Arrests
  • Federal Court Strikes Down HIPAA Reproductive Health Care Privacy Rule
  • The Markup caught 4 more states sharing personal health data with Big Tech
  • Privacy in the Big Sky State: Montana’s Consumer Privacy Law Gets Amended
  • UK Passes Data Use and Access Regulation Bill

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.