25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

PHI of Almost 93,000 Patients Compromised in Cyberattack on NS Support

Posted By on Dec 17, 2025

NS Support LLC, a Boise, Idaho-based healthcare provider specializing in neurosurgical treatment for conditions such as brain tumors, reported a hacking-related data breach to the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) on November 21, 2025, that affected up to 92,845 individuals.

Unauthorized access to its computer network was detected on or around May 29, 2025, and third-party digital forensics specialists were engaged to assist with the investigation and ensure the security of its network. The investigation confirmed that there had been unauthorized network access and that files had been exfiltrated from its network. Following a detailed review of the affected files, NS Support determined on November 7, 2025, that patients’ protected health information was involved.

The data compromised in the incident included first and last names and medical information in the form of notes that had been transcribed from appointments with a physician. Social Security numbers and financial information were not compromised in the incident, and NS Support has not identified any misuse of the compromised data. Notification letters were mailed to the affected individuals on or around November 21, 2025.

NS Support said several steps were taken in response to the security incident. Once unauthorized network access was confirmed, the affected systems were wiped and rebuilt, with additional security measures implemented to prevent similar incidents in the future. Data security policies and procedures are being reviewed and will be altered accordingly to strengthen security, and network security software is also being assessed.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

Due to the nature of the exposed data, credit monitoring and identity theft protection services have not been offered. NS Support said there are no indications that patient data will be misused in the future; however, patients have been provided with further information on steps they can take should they be concerned about potential misuse of their personal information, such as placing a fraud alert on their credit file.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist