Data Compromised in Cyberattacks on LivaNova and Neurobehavioral Medicine Consultants
Cyberattacks have been reported by the medical device manufacturer LivaNova (129,219 individuals) and Neurobehavioral Medicine Consultants in Ohio (18,182 individuals).
LivaNova
The Italian American medical device manufacturer LivaNova has notified 180,000 individuals* about the exposure of their personal and protected health information (PHI) in a cyberattack. Suspicious activity was identified within its network on November 19, 2023. Action was immediately taken to secure its systems and third-party cybersecurity experts were engaged to assist with the investigation and remediation efforts. The investigation confirmed that an unauthorized third party gained access to its network on or around October 26, 2023, and retained access until the intrusion was identified on November 19. The nature of the cyberattack was not disclosed; however, LivaNova said that it disrupted parts of its IT systems and access was gained to parts of the network that contained patient information.
The file review confirmed that the following types of information were exposed in the incident: name; contact information such as address and phone number; Social Security number; date of birth; medical information such as diagnosis, condition, treatment information, prescription, physician, medical record number, and device serial number); and health insurance information. The types of information involved varied from individual to individual.
LivaNova has taken steps to improve security and has offered the affected individuals complimentary credit monitoring and identity theft protection services for 24 months.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
* This article has been updated since publication. The original post stated that 129,000 individuals had been affected.
Neurobehavioral Medicine Consultants
Neurobehavioral Medicine Consultants, a Bellaire, OH-based psychiatric center, has discovered unauthorized access to its computer network. Suspicious activity was identified on its computer network on March 6, 2024. Its network was immediately isolated to prevent further unauthorized access and digital forensic experts were engaged to determine the nature and scope of the activity. The forensic investigation confirmed on April 17, 2024, that there had been unauthorized access to a single storage location on its computer network between March 1, 2024, and March 6, 2024.
It was not possible to determine whether the personal and protected health information of particular patients was accessed or acquired in the attack, only that patient information had been exposed. A review of the affected files confirmed that the protected health information of 18,182 patients has been exposed, including names, addresses, telephone numbers, dates of birth, Social Security numbers, driver’s license numbers, diagnosis/condition information, lab test results, medications, claims information, and health insurance information.
Neurobehavioral Medicine Consultants said it is reviewing its data security policies and procedures, assessing its security infrastructure, and will be implementing additional safeguards to improve security. The affected patients have been notified about the data breach and offered complimentary single-bureau credit monitoring services.
