Cyber Incident Victim: Specialty Surgery Center of Central New York
Date: Mar 2021
Location: United States of America
Summary
A cybersecurity breach at Specialty Surgery Center of Central New York potentially exposed protected health information of 24,891 patients after unauthorized individuals accessed its systems. Once the unauthorized access was identified, steps were taken to secure systems; forensic analysis confirmed PHI was accessed but found no evidence of data misuse. Compromised information included names and limited health details, with notification delays attributed to extensive data validation efforts. Security enhancements implemented post-breach included antivirus updates, network reconfigurations, external email warnings, guest Wi-Fi segregation, firewall upgrades, workstation OS updates, and additional staff training.
Description
On or around March 31, 2021, the Specialty Surgery Center of Central New York (Syracuse ASC) identified unauthorized access to its computer systems, prompting immediate measures to secure those systems and prevent further compromise. The organization engaged a third-party cybersecurity firm to conduct a forensic investigation, which concluded on April 30, 2021, confirming that attackers had accessed system segments containing protected health information (PHI). A subsequent review determined the specific individuals affected by the breach, with this process completing on August 16, 2021. The delay between concluding the forensic investigation and issuing patient notifications was attributed to an extensive data validation effort to ensure the accuracy of records. The analysis confirmed that unauthorized parties potentially accessed patient names along with limited health information, though investigators found no evidence suggesting actual or attempted misuse of the compromised data. The breach impacted 24,891 patients whose PHI resided on the accessed systems.

In response to the incident, Syracuse ASC implemented multiple technical and organizational safeguards to strengthen its security posture. These measures included updating antivirus software and transitioning to a new provider, restricting external website access, and adding warning banners to emails originating outside the organization. Network infrastructure received significant reconfiguration, including router adjustments, closure of unused ports and services, and segregation of guest Wi-Fi from internal systems. The center upgraded switches, firewalls, and workstation operating systems while conducting additional security awareness training for personnel. These actions focused on reducing vulnerabilities that facilitated the initial breach, with no secondary incidents reported following the implementation of these controls. The organization maintained operational continuity throughout its investigation and remediation phases.
