NESSM Data Breach Exposes Patients' Sensitive Info

On or about late December 2023 through early January 2024, Northeast Spine and Sports Medicine, LLC (NESSM) experienced a significant data breach. The breach was discovered on January 8, 2024, and was attributed to an unauthorized intrusion by the Bian Lian cyber organization.

During this breach, the attackers gained access to NESSM's network and compromised a variety of sensitive information.

The data breach affected a range of personal and medical information. While the exact number of individuals impacted has not been conclusively determined, the compromised data elements may have included:

• Full names
• Sex/gender
• Addresses
• Phone numbers
• Dates of birth
• Social Security numbers
• Medical data
• Medical billing and financial data
• Insurance and payment information
• Medical record numbers
• Health plan beneficiary numbers
• Account numbers

This breach is severe due to the sensitive nature of the data involved, including both personal identifiers and detailed medical information. The unauthorized access to such data poses significant risks of identity theft and financial fraud.

Northeast Spine and Sports' Response

In response to the breach, NESSM took immediate action to mitigate the impact and prevent further unauthorized access. They engaged their technology management provider to secure and isolate affected systems. Additionally, NESSM hired a leading cybersecurity firm to conduct a thorough forensic investigation.

To bolster their security measures, NESSM implemented enhanced multi-factor authentication, system patches, firewall upgrades, and event monitoring. These steps aim to protect against future intrusions and safeguard patient privacy.

Steps for Affected Individuals

If you have been affected by this data breach, it is crucial to take proactive measures to protect your personal information. Here are some steps you can take:

1. Enroll in Credit Monitoring: NESSM is offering free credit monitoring and identity theft protection services through Experian IdentityWorks for two years. Visit Experian IdentityWorks and use the provided code to enroll by January 31, 2025.
2. Place a Fraud Alert: Consider placing a fraud alert on your credit file to protect against identity theft. Contact any of the major credit bureaus to initiate this process.
3. Review Account Statements: Regularly check your financial and medical account statements for any unauthorized activity. Report any suspicious transactions immediately.
4. Order Your Credit Report: Obtain your free annual credit report from Annual Credit Report and review it for any inaccuracies or unfamiliar accounts.
5. Consider a Security Freeze: You may also place a security freeze on your credit report to prevent new accounts from being opened in your name without your consent. Contact each of the major credit bureaus to request a freeze.
6. Stay Informed: Keep an eye on communications from NESSM for any updates or additional steps you may need to take.

For further details on the breach, you can view the disclosure on the Massachusetts Attorney General's website.