Cyber Incident Victim: Neurology Center of Nevada
Date:
Jun 2022
Location:
United States of America
Summary
The Neurology Center of Nevada experienced a data breach involving unauthorized access to its network over a one-month period, compromising sensitive patient information including full names, addresses, dates of birth, driver’s license and Social Security numbers, health insurance details, medical diagnoses, lab results, and medication lists for over 11,000 individuals. The organization detected system inaccessibility, initiated an investigation with law enforcement, restored affected systems, and confirmed the exposure of patient data before notifying impacted parties. Specializing in neurological and sleep disorder treatments across multiple Nevada locations, the breach investigation remained ongoing with preliminary findings indicating extensive personal and medical information was accessible to unauthorized actors.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On July 17, 2022, the Neurology Center of Nevada discovered certain computer systems were inaccessible, prompting immediate action. The healthcare provider alerted federal law enforcement agencies, restored access to the affected systems, and initiated a formal investigation to determine the nature and scope of the incident. Forensic analysis revealed that an unauthorized actor had accessed the NCNV network between June 12, 2022 and July 17, 2022, compromising files containing sensitive patient information. While the investigation remained ongoing as of September 2022, preliminary findings confirmed the exposed data included full names, addresses, dates of birth, genders, driver's license numbers, Social Security numbers, health insurance details, medical records, diagnostic information, treatment histories, laboratory results, and current medication lists. The breach impacted 11,000+ patients according to the organization's filing with the U.S. Department of Health and Human Services Office for Civil Rights.
NCNV completed its review of compromised files by September 15, 2022, at which point it began notifying all affected individuals via mailed data breach letters. These communications outlined the specific categories of exposed personal and medical information while advising patients on potential fraud risks. The Nevada-based neurology practice, founded in 2005 with multiple clinics across Las Vegas, Henderson, and Pahrump, did not publicly confirm whether ransomware or specific attacker methodologies caused the breach. Federal authorities continued investigating the intrusion during the notification period. The incident exposed highly sensitive health data categories protected under HIPAA regulations, significantly elevating risks of medical identity theft and financial fraud for impacted patients. NCNV's response focused on system restoration, forensic analysis, regulatory compliance, and patient notification without disclosing technical details about the compromised systems or the attacker's lateral movement within the network.