Patient data exposed in breach of Massachusetts-based pain management clinic

North Shore Pain Management (NSPM), a Massachusetts-based healthcare provider, reported on June 18 a network server breach affecting 12,472 individuals.

The breach took place April 16, according to the notice posted on NSPM’s website.

NSPM said it became aware of the incident on April 20 and immediately began working with third-party experts, including the FBI and Secret Service, to investigate.

The investigation revealed that malicious actors had acquired files containing information belonging to patients who directly paid NSPM or North Shore Anesthesia, as well as those whose insurance paid either of the companies between August 1, 2014, and April 16, 2020. The information obtained by bad actors included the following:

• Names
• Dates of birth
• Social Security numbers, if the patient’s insurer used the Social Security number as a member identification number
• Health insurance information, including the name of plan and insurance identification/member number
• For patients who paid their NSPM or North Shore Anesthesia balance via mail with a check or payment card, financial account information and/or payment card information
• Clinical information about care received at NSPM or North Shore Anesthesia, including diagnosis and treatment information and, in limited instances, ultrasound or MRI images

In the notice posted on its website, NSPM said it is offering complimentary credit monitoring to individuals whose Social Security numbers may have been compromised. Additionally, NSPM has established a dedicated call center to address patient questions regarding the breach.