Cyber Incident Victim: Goldsboro Podiatry

On or around April 29, 2022, Goldsboro Podiatry, a North Carolina-based practice operated by Kevin Wolf, DPM, experienced a cybersecurity incident involving unauthorized access to patient data managed by an unnamed third-party electronic medical records provider. The breach was detected that same day when selected servers used by the service provider were encrypted during a ransomware attack. The external company confirmed in May 2022 that attackers had accessed server data and potentially exfiltrated it. Goldsboro Podiatry was formally notified of the ransomware incident by its vendor on May 20, 2022, approximately three weeks after initial detection. The compromised records contained protected health information for 30,669 individuals, including full names, contact information, dates of birth, Social Security numbers, demographic details, medical histories, medication information, clinical findings, diagnostic data, and treatment plans. The incident stemmed from unauthorized access to the vendor's systems rather than direct infiltration of Goldsboro Podiatry's infrastructure.

Following confirmation of the breach, the electronic medical records provider implemented security enhancements to its IT systems and upgraded cybersecurity protections to prevent future attacks. Goldsboro Podiatry coordinated with the vendor to provide affected individuals with complimentary identity theft protection and credit monitoring services. The practice did not terminate its relationship with the vendor, unlike other organizations referenced in broader breach reports. No evidence of patient data misuse was confirmed at the time of disclosure. The incident represented a compromise of sensitive healthcare data through a supply chain attack targeting a business associate rather than the healthcare provider directly, with delayed notification to the covered entity due to the vendor-led investigation timeline.