$100 Million awarded Since 1994 6,000 Satisfied Clients

Posted On September 29, 2022 Consumer Privacy & Data Breaches

Data Breach Alert: Neurology Center of Nevada

NOTICE: If you received a NOTICE OF DATA BREACH letter from Neurology Center of Nevada, contact the attorneys at Console & Associates at (866) 778-5500 to discuss your legal options, or submit a confidential Case Evaluation form here.

Data Breach AlertOn September 15, 2022, the Neurology Center of Nevada (“NCNV”) reported a data breach with the U.S. Department of Health and Human Services Office for Civil Rights, impacting the sensitive information of 11,700 patients. Based on an official filing from the company, the incident resulted in an unauthorized party gaining access to the following data belonging to certain patients: full names, addresses, dates of birth, genders, driver’s license numbers, Social Security numbers, health insurance information, medical information, diagnosis/treatment information, lab results, and current medications. After confirming that consumer data was leaked, NCNV began sending out data breach notification letters to all individuals who were impacted by the recent data security incident.

If you received a data breach notification, it is essential you understand what is at risk. The data breach lawyers at Console & Associates, P.C. are actively investigating the NCNV data breach on behalf of people whose information was exposed. As a part of this investigation, we are providing free consultations to anyone affected by the breach who is interested in learning more about the risks of identity theft, what they can do to protect themselves, and what their legal options may be to obtain compensation from the Neurology Center of Nevada.

What We Know So Far About the Neurology Center of Nevada Breach

Based on a notice posted on the Neurology Center of Nevada website, on July 17, 2022, NCNV noticed that certain computer systems were inaccessible. In response, the company alerted federal law enforcement, restored access to the affected systems, and launched an investigation into the incident to determine what, if any, patient data was exposed during the incident.

The company’s investigation confirmed that an unauthorized party had access to the NCNV network between June 12, 2022 and July 17, 2022, and that some of the files that were accessible contained sensitive patient information.

Upon discovering that sensitive consumer data was accessible to an unauthorized party, the Neurology Center of Nevada then reviewed the affected files to determine what information was compromised and which consumers were impacted. The company’s review is not yet complete; however, based on a preliminary investigation, NCNV reports that the breached information may include your full name, address, date of birth, genders, driver’s license number, Social Security number, health insurance information, medical information, diagnosis/treatment information, lab results, and current list of medications.

On September 15, 2022, the Neurology Center of Nevada sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.

More Information About Neurology Center of Nevada

Founded in 2005, Neurology Center of Nevada is a healthcare provider that specializes in the diagnosis and treatment of the nervous system and neurological disorders. The company also treats those suffering from sleep disturbances, such as obstructive, complex and central sleep apnea. NCNV operates several locations in Las Vegas, Henderson, and Pahrump, NV. The Neurology Center of Nevada employs more than 25 people, ten of which are neurologists, and generates between $5 to $25 million in annual revenue.

Was the NCNV Data Breach Caused by a Ransomware Attack?

While NCNV provided a fairly detailed Notice of Data Security Event on the practice group’s website, the notice did not elaborate on how hackers were able to gain access to its computer network. However, the language used in the notice provides some indication that it may have been the result of a ransomware attack. More specifically, when NCNV explains that its systems were “inaccessible,” that suggests a ransomware attack.

A ransomware attack is a type of cyberattack involving the encryption of a company’s computer network. In essence, encryption is a valid security process that encodes files, making them inaccessible to anyone without the encryption key. However, cybercriminals use encryption as a way to extort money from companies.

Ransomware attacks start with a hacker installing malware on a company’s computer network. Hackers usually do this by sending a phishing email to an employee in hopes of getting them to click on a malicious link; however, there are other ways hackers orchestrate these attacks.

Once the malware is installed on the company’s IT system, it then encrypts the files on the computer and may infect other parts of the network. The hackers then demand the company pays a ransom in exchange for the encryption key. Once the company pays the ransom, the hackers decrypt their computer, which ends the attack—at least from the company’s perspective.

In a relatively recent development, in addition to locking a company out of its own computer system, hackers have started to threaten to publish any stolen data if a company refuses to pay the ransom. For example, hackers may post a sample of the stolen data on the dark web, seeking bidders.

Of course, while companies that are targeted in a ransomware attack are victims in some sense, the real victims of these attacks are the consumers whose information ends up in the hands of those looking to commit fraud.

If You Have Questions About Your Rights Following the Neurology Center of Nevada Data Breach, Console & Associates, P.C. Can Help

At Console & Associates, P.C., our consumer privacy lawyers monitor all security and data breaches to help affected consumers pursue their legal remedies. We offer free consultations to victims of data breaches and can explain your rights in clear, understandable terms so you can make an informed decision about how to proceed with your case. If you’ve been affected by the NCNV data breach or any other data security incident, Console & Associates, P.C., will investigate your case at no charge and offer you thorough advice about how to most effectively proceed with your case. If you decide to bring a case, we only get paid if you do. If your claim is successful, any legal fees are either paid by the defendant or come out of the funds recovered from the defendant. If your claim doesn’t result in a recovery, you will pay nothing.

To schedule your free consultation, just call (866) 778-5500 today or fill out our secure contact form.

Below is a copy of the initial data breach letter issued by the Neurology Center of Nevada (the actual notice sent to consumers can be found here):

Dear [Redacted],

The Neurology Center of Nevada (“NCNV”) is issuing notice of a recent data security event that may impact the confidentiality of information related to certain individuals. We are providing information about the event, our response, and steps potentially affected individuals may take to better protect against the possibility of identity theft and fraud, should they feel it is appropriate to do so.

What Happened? On July 17, 2022, we identified certain computer systems were inaccessible. We promptly undertook an extensive investigation to determine the nature and scope of the event. We also reported the event to federal law enforcement. Because the impacted systems contained patient information, we worked quickly to restore access to the systems to continue patient care without disruption, and investigate to determine if the event resulted in any unauthorized access to patient information.

The investigation subsequently determined that between June 12, 2022 and July 17, 2022, certain files were accessed by an unknown actor. In an abundance of caution, we are conducting a comprehensive review of the information on the impacted systems to determine what information was contained therein and to whom the information related. Once this review is complete, we will work to confirm the identities and contact information for any potentially affected individuals and provide appropriate notifications via written letter.

What Information Was Affected. The types of impacted information varies by individual and could have included: full name, address, date of birth, gender, driver’s license, Social Security number, health insurance information, and medical information, including diagnosis/treatment information, lab results, and medications.

What We Are Doing. We take this event and information security very seriously. Upon learning of this event, we immediately took steps to further secure our systems and restore our operations. As part of our ongoing commitment to information security, we are reviewing our existing policies and procedures and implementing additional administrative and technical safeguards to further secure information in our care. We also reported the event to the U.S. Department of Health and Human Services and federal law enforcement.

What Affected Individuals Can Do. As a precautionary measure, individuals are encouraged to remain vigilant against incidents of identity theft by reviewing account statements, credit reports, and explanations of benefits for unusual activity and to detect errors. Any suspicious activity should be reported promptly to your insurance company, health care provider, or financial institution. Additional information can be found below in the Steps You Can Take to Help Protect Your Information.

For More Information. If you have additional questions, please call our toll-free assistance line at (800) 764-3085, Monday through Friday, during the hours of 9:00 a.m. to 5:00 p.m., Pacific time (excluding U.S. holidays). You may also write to NCNV at 2430 W. Horizon Ridge Parkway, Henderson, NV 89052.

NOTICE: If you received a NOTICE OF DATA BREACH letter from Neurology Center of Nevada, contact the attorneys at Console & Associates at (866) 778-5500 to discuss your legal options, or submit a confidential Case Evaluation form here.