Cyber Incident Victim: K and B Surgical Center
Date: Mar 2021
Location: United States of America
Summary
An unauthorized individual gained access to K and B Surgical Center's computer network, compromising servers containing patient protected health information over a multi-day period. The breach exposed names, contact details, driver’s license numbers, medical diagnoses, treatment details, insurance information, Medicare/Medicaid identifiers, and lab results for 14,772 individuals. Following forensic confirmation of the intrusion, the center implemented enhanced security measures including system-wide password resets, upgraded antivirus software, VPN and email security improvements, and staff retraining. Affected patients were notified several months post-discovery and offered complimentary credit monitoring and identity theft protection services for one year, though no misuse of data had been reported at the time of notification.
Description
On March 30, 2021, K and B Surgical Center in Beverly Hills, California, detected unauthorized access to its computer network. A subsequent third-party forensic investigation determined the network compromise occurred between March 25 and March 30, 2021. Immediate containment measures were implemented to prevent further unauthorized access while investigators worked to assess the breach scope. The forensic investigation concluded on April 27, 2021, confirming the attacker accessed network segments containing protected health information. Data mining of the affected servers then began to identify the types of information exposed and the patients impacted; the complete list of affected individuals was not finalized until July 27, 2021.

The compromised data included patient names, addresses, phone numbers, driver's license numbers, diagnoses, treatment details, prescription information, provider names, patient identifiers, Medicare/Medicaid numbers, lab results, health insurance details, and treatment cost information. Notification letters issued on September 3, 2021, to 14,772 affected individuals confirmed no reports of actual or attempted data misuse at that time. Remediation efforts included comprehensive password resets for all user accounts, VPN connections, and email systems, alongside deployment of upgraded anti-virus software and continuous threat monitoring across all computers. The organization implemented workforce security retraining, updated its Security Rule risk analysis, and established periodic security audits to address vulnerabilities. Affected patients received offers for 12 months of complimentary credit monitoring and identity theft restoration services.
