Cyber Incident Victim: Clearway Pain Solutions Institute

On or around February 20, 2019, Gulf Coast Pain Consultants, LLC, operating as Clearway Pain Solutions Institute, discovered unauthorized access to its electronic medical records (EMR) system. The organization initiated an investigation, which confirmed that a third party had gained improper access to patient information. The compromised data included patients' names, addresses, telephone numbers, email addresses, Social Security numbers, dates of birth, insurance details, referring provider names, and other demographic information. Notably, the breach did not involve credit card information, financial account details, or clinical medical record content. Clearway Pain Solutions did not initially disclose the number of affected individuals or confirm whether it had reported the incident to the U.S. Department of Health and Human Services (HHS).

Following the investigation, Clearway Pain Solutions terminated the unauthorized access to its EMR system and implemented corrective measures. These included reviewing all user accounts to validate access levels and activity patterns, as well as revising policies and procedures governing system and patient data access. The organization began notifying impacted patients and offered a one-year membership to Experian’s IdentityWorks credit monitoring service at no cost to mitigate risks of fraud or identity theft. An update revealed that Clearway Pain Solutions reported the incident to HHS on April 5, 2019, disclosing that approximately 35,000 patients were affected. The breach notification emphasized operational improvements to prevent future incidents but provided no additional details about the intrusion methodology or potential threat actors.