Cyber Incident Victim: Goodman Campbell Brain and Spine
Date:
May 2022
Location:
United States of America
Summary
A cyber-attack compromised a healthcare provider's systems, leading to unauthorized access of sensitive patient and employee data including medical, financial, and demographic information such as names, dates of birth, Social Security numbers, diagnoses, treatment details, and insurance records. The attackers exfiltrated files from internal network locations—excluding the electronic medical record system—and posted stolen data on the dark web, which was temporarily removed before being reactivated. The incident disrupted clinical operations and communication systems, requiring gradual restoration of phone services and email capabilities. Forensic experts and law enforcement were engaged to investigate the breach, recover data, and mitigate malicious activity. Impacted individuals received notifications with offers of complimentary credit monitoring services.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On May 20, 2022, Goodman Campbell Brain and Spine experienced a cyber-attack that disrupted its computer network and communications systems. The organization immediately secured its systems, engaged forensic analysts and incident response professionals, and notified the FBI’s cybercrimes division for assistance. Initial analysis indicated unauthorized access to patient and employee data, though the full scope remained undetermined. Clinical operations were temporarily adjusted, with urgent patient care routed through a dedicated phone line during system restoration. By June 3, phone systems were partially restored, though email remained inoperable. Forensic investigators confirmed that attackers had acquired files containing sensitive patient and business information, which were subsequently posted on the dark web—a hidden internet segment inaccessible via standard browsers. The organization acknowledged the likelihood of compromised personal data but emphasized its electronic medical record system remained untouched.
By July 19, Goodman Campbell restored all clinical operations and communication systems, concluding that attackers accessed medical, financial, and demographic data from internal network locations such as appointment schedules, referral forms, and insurance documentation. Impacted information included names, dates of birth, addresses, Social Security numbers, medical record numbers, diagnoses, treatment details, and insurance data. Written notifications were dispatched to affected individuals, offering complimentary credit monitoring and identity theft prevention services. On August 11, the organization learned the attacker reactivated the dark web leak site, making stolen data accessible again despite its initial 10-day exposure following the breach. Throughout the incident, Goodman Campbell directed patients and staff to monitor financial accounts, provided resources for fraud alerts and credit freezes, and maintained a dedicated assistance hotline. The FBI and forensic teams continued investigating the breach’s origins and full impact while the organization prioritized system recovery and patient communication.