Cyber Incident Victim: Codman Square Health Center
Date: Nov 2022
Location: United States of America
Summary
A healthcare provider experienced a ransomware attack compromising patient data after unauthorized access to its IT systems over several days in late November. The breach exposed sensitive information including names, addresses, medical record numbers, diagnoses, treatment details, and insurance claims data. Following an investigation with cybersecurity specialists, the organization confirmed data exfiltration and notified affected individuals through breach letters while reporting the incident to federal health authorities. The provider serves over 23,000 annual patients across primary, dental, and behavioral health services.
Description
Codman Square Health Center detected suspicious network activity on November 28, 2022, leading to the discovery of a ransomware attack that compromised its IT systems. The investigation conducted with third-party cybersecurity specialists determined unauthorized actors accessed and exfiltrated files containing patient information between November 23 and November 27, 2022. The breach exposed confidential patient data including names, addresses, medical record numbers, medical diagnoses, treatment information, and insurance claims details. Codman confirmed the exfiltration of protected health information through forensic analysis before initiating notification procedures. The health center reviewed affected files to identify impacted individuals and the specific types of compromised data per victim. There is no evidence that the attackers' identity or motives were established during the investigation.

Codman Square Health Center filed a formal breach notice with the U.S. Department of Health and Human Services Office for Civil Rights on March 1, 2023, fulfilling federal reporting obligations. The organization simultaneously issued data breach notification letters to all affected individuals on that date, detailing the compromised information types without specifying the total number of victims. As a community health provider serving approximately 23,000 annual patients across primary, dental, behavioral, and urgent care services, the incident potentially exposed sensitive health data of a significant portion of its patient population. Based on available reports, the breach prompted internal security reviews but did not disrupt ongoing healthcare services. Codman publicly disclosed the incident through a "Notice of Data Security Event" on its website alongside regulatory filings. The compromised systems involved IT network infrastructure storing patient records, though technical containment measures were not explicitly described in disclosures.
