Compromised data could include names, dates of birth and medical records, but addresses and Social Security numbers were not affected, the practice told BizWest.
“On Sept. 21, 2021, [Boulder Neurosurgical & Spine Associates] detected a compromise to one of its business email accounts … [and] quickly engaged cybersecurity experts and a leading incident response team to secure the subject email account, assess the extent of the unauthorized activity and remediate any damage caused by the incident,” the practice said in a news release.
A third-party IT forensics firm launched an investigation to determine what information could have been exposed in the incident, which was reported to HHS on Nov. 29.
Boulder Neurosurgical & Spine Associates, a six-physician group, said it has notified individuals who might be affected by the breach.
The practice told Becker’s it did not have additional comment at this time.
