Georgia & Missouri Healthcare Providers Notify Patients About 2024 Hacking Incidents
The Neurological Institute of Savannah & Center for Spine and East Central Missouri Behavioral Health Services have started notifying individuals about hacking incidents and data breaches that occurred last year.
The Neurological Institute of Savannah & Center for Spine
The Neurological Institute of Savannah & Center for Spine (NeuroSav) in Georgia has announced a data breach from last summer. The HIPAA Journal first reported a potential data breach in August 2024, after the RansomHub ransomware group added NeuroSav to its dark web data leak site. RansomHub claimed to have exfiltrated “hundreds of gigabytes of data,” but said that, as a “goodwill gesture,” files were not encrypted.
In an April 15, 2025, breach notice on the NeuroSav website, the Georgia healthcare provider explained that an unauthorized third party acquired certain files from its computer systems between June 1, 2024, and July 21, 2024. A leading cybersecurity firm was engaged to investigate the incident and determine the extent of data theft. On or around January 24, 2025, NeuroSav confirmed that the stolen dataset contained sensitive patient data. The types of data involved varied from individual to individual and may have included patient names along with one or more of the following: dates of birth, diagnoses/conditions, lab test results, MRI imaging scans, medications, medical record numbers, claims information, subscriber numbers, CPT codes, and for a limited number of individuals, Social Security numbers.
Notification letters are being mailed to the 32,548 affected individuals, and complimentary credit monitoring services have been offered. NeuroSav said it is unaware of any instances of the stolen data being used for identity theft or fraud. NeuroSav said it had implemented practices to safeguard sensitive patient data prior to the breach and has been enhancing those safeguards since, including adopting additional encryption technologies, global password rotation across all access points and programs, and new and periodic technical safeguards, in addition to providing additional training to the workforce.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
East Central Missouri Behavioral Health Services (Arthur Center Community Health)
East Central Missouri Behavioral Health Services, doing business as Arthur Center Community Health, recently announced a hacking and data theft incident that was first reported to the HHS’ Office for Civil Rights last year. Unauthorized activity was identified in its computer network on September 2, 2024, with the forensic investigation confirming that hackers had access to its network between August 20, 2024, and September 17, 2024.
The review of the affected data was completed on March 25, 2025, when it was confirmed that the hackers obtained first and last names, mailing addresses, phone numbers, email addresses, and dates of birth, in combination with one or more of the following: diagnosis/condition information, billing/claim information, Social Security numbers, driving license numbers, patient account numbers, provider information, and/or health insurance information.
The data breach was reported to the HHS’ Office for Civil Rights on November 21, 2024, as involving the protected health information of up to 20,000 individuals; however, the file review has only recently been completed. Arthur Center Community Health said notification letters have been mailed to the affected individuals on a rolling basis, and individuals whose Social Security numbers were stolen have been offered complimentary single-bureau credit monitoring and identity theft protection services.
