Posted On September 14, 2022 Consumer Privacy & Data Breaches
On September 2, 2022, the Physicians’ Spine and Rehabilitation Specialists of Georgia reported a data breach with the U.S. Department of Health and Human Services Office for Civil Rights after the practice experienced a cybersecurity incident impacting the security of certain patients’ sensitive information. Based on an official filing from the company, the incident resulted in an unauthorized party gaining access to the patients’ names, addresses, phone numbers, dates of birth, Social Security numbers, driver’s license numbers, medical diagnoses, medical treatment information, and insurance information. After confirming that consumer data was leaked, the Physicians Spine and Rehabilitation Specialists began sending out data breach notification letters to all individuals who were impacted by the recent data security incident.
If you received a data breach notification, it is essential you understand what is at risk. The data breach lawyers at Console & Associates, P.C. are actively investigating the Physicians Spine and Rehabilitation Specialists data breach on behalf of people whose information was exposed. As a part of this investigation, we are providing free consultations to anyone affected by the breach who is interested in learning more about the risks of identity theft, what they can do to protect themselves, and what their legal options may be to obtain compensation from the Physicians’ Spine and Rehabilitation Specialists of Georgia.
News of the Physicians Spine and Rehabilitation Specialists data breach comes from the practice’s official filing with the U.S. Department of Health and Human Services Office for Civil Rights as well as a notice posted on the practice’s website. According to these sources, on July 11, 2022, the Physicians Spine and Rehabilitation Specialists became aware that the practice had been the target of a cyberattack. Evidently, the attack occurred the week prior to the company’s discovery of the incident, and the hackers claim to have accessed and removed certain sensitive information. The hackers also indicated that they were willing to post the data they stole.
After learning of the cyberattack, Physicians Spine and Rehabilitation Specialists secured its computer network, contacted law enforcement, and began working with an outside cybersecurity firm to assist with the company’s investigation. This investigation confirmed that sensitive information was accessible to the hackers.
Upon discovering that sensitive consumer data was accessible to an unauthorized party, the Physicians’ Spine and Rehabilitation Specialists reviewed the affected files to determine what information was compromised and which consumers were impacted. While the breached information varies depending on the individual, it may include your name, address, phone number, date of birth, Social Security number, driver’s license number, medical diagnoses information, medical treatment information, and insurance information.
On September 2, 2022, The Physicians’ Spine and Rehabilitation Specialists sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident. According to the U.S. Department of Health and Human Services Office for Civil Rights, the Physicians’ Spine and Rehabilitation Specialists of Georgia data breach affected 39,765 people.
The Physicians’ Spine and Rehabilitation Specialists of Georgia is a practice group of physicians based in Rome, Georgia. The practice is exclusively focused on non-surgical pain management treatment and provides patients with injections, nerve blocks, and nerve stimulators, as well as minimally invasive procedures to treat tendonitis. The Physicians’ Spine and Rehabilitation Specialists employs more than 85 people and generates approximately $17 million in annual revenue.
At Console & Associates, P.C., our consumer privacy lawyers monitor all security and data breaches to help affected consumers pursue their legal remedies. We offer free consultations to victims of data breaches and can explain your rights in clear, understandable terms so you can make an informed decision about how to proceed with your case. If you’ve been affected by the Physicians Spine and Rehabilitation Specialists data breach or any other data security incident, Console & Associates, P.C., will investigate your case at no charge and offer you thorough advice about how to most effectively proceed with your case. If you decide to bring a case, we only get paid if you do. If your claim is successful, any legal fees are either paid by the defendant or come out of the funds recovered from the defendant. If your claim doesn’t result in a recovery, you will pay nothing.
Below is a copy of the initial data breach letter issued by The Physicians’ Spine and Rehabilitation Specialists of Georgia (the actual notice sent to consumers can be found here):
The Physicians’ Spine and Rehabilitation Specialists of Georgia, P.C. is notifying patients of a cybersecurity incident. On approximately July 11, 2022, the Practice was alerted to a cybersecurity incident. Outside information security and other experts were engaged to assist. The team promptly investigated and aggressively responded to mitigate the situation. Passwords were changed and information security systems were restored promptly to avoid any material delays in clinical care. The Practice is continuing to take steps to enhance its security protections and has reported this case to regulatory and law enforcement authorities.
The investigation team determined that, despite numerous security measures that were in place prior to the incident – an outside, unauthorized party accessed the information technology systems the week before discovery and claims to have taken certain information/records that could be posted.
The Practice is unsure exactly what if any personal information was actually taken but thought it best to notify patients of this incident. If any individual’s medical or billing information was taken, it could have included information of the type collected as part of treatment or payment (such as information like name, contact information, date of birth, social security number, driver’s license number, diagnosis, treatment, guarantor, insurance, etc.) – the exact elements of which vary by person/case.
The Practice does not store patient credit card numbers or bank account numbers so those numbers should not be affected. In an abundance of caution, the Practice is offering affected parties free credit monitoring and identity theft insurance through Experian – solely to give patients peace of mind.
Notification letters with the credit monitoring instructions and some additional steps patients can take are being mailed on September 2 to the last known address of affected patients.
If a patient does not receive a letter by September 10 or for more information about this incident, patients may call toll free [Redacted] Monday through Friday from 9 am – 11 pm Eastern, or Saturday and Sunday from 11 am – 8 pm Eastern (excluding major U.S. holidays). The call center will remain open for approximately 90 days.
The Practice is fully committed to protecting personal information and sincerely apologizes for any concern this incident may have caused.