Cyber Incident Victim: American Pain and Wellness

American Pain and Wellness, PLLC (APW) detected suspicious activity within its computer systems on November 27, 2022, prompting an immediate investigation into the incident. The investigation revealed that an unauthorized party had gained access to the company's network during a 17-day period spanning from November 10, 2022, to November 27, 2022. APW confirmed that the unidentified threat actor accessed files containing confidential patient information during this intrusion window. The compromised data included sensitive personal and health information belonging to current and former patients of the pain-management practice. While the specific intrusion methods weren't disclosed, the breach timeline indicates continuous unauthorized access over more than two weeks before detection.

Following confirmation of the data exposure, APW conducted a comprehensive review of affected files to identify impacted individuals and determine the scope of compromised information. The analysis confirmed that exposed data varied by individual but included names, Social Security Numbers, insurance information, and protected health information. On March 24, 2023, APW fulfilled regulatory obligations by filing a formal notice of the breach with the Maine Attorney General's office. That same day, the organization initiated direct notification procedures by mailing data breach letters to all affected individuals. The breach exposed multiple categories of sensitive data that could potentially facilitate identity theft or fraud against patients. No information was provided regarding containment measures taken after detection or whether ransomware or data exfiltration occurred during the intrusion period.