A neurosurgical care provider reported unauthorized access to its network that led to the exposure of patient information.
What happened
NS Support LLC, a Boise-based healthcare provider focused on neurosurgical treatment, reported a hacking incident to the U.S. Department of Health and Human Services Office for Civil Rights that affected up to 92,845 individuals. The organization detected unauthorized access to its network around May 29, 2025, and later confirmed that files were accessed and removed. After completing a file review in early November, NS Support determined that protected health information was involved and began notifying affected patients later that month.
Going deeper
The investigation found that the compromised files included patient names and medical information contained in physician appointment notes. NS Support said the exposed data did not include Social Security numbers, financial details, or payment information. The organization reported that it engaged external forensics specialists, wiped and rebuilt affected systems, and implemented additional security controls. It also said it is reviewing internal data security policies and assessing network security tools as part of its remediation efforts.
What was said
NS Support stated that it has not identified evidence that the exposed information has been misused. The incident did not involve financial identifiers, so the organization said it would not offer credit monitoring or identity protection services. Patients were provided with guidance on steps they can take if they have concerns, including monitoring accounts and placing fraud alerts. The provider said it continues to assess its safeguards to reduce the risk of similar incidents.
The big picture
The NS Support breach follows a pattern seen across many healthcare incidents, where unauthorized access is only discovered after it occurs. In many cases, the issue is not the sophistication of the attack but gaps in day-to-day security visibility. Paubox’s 2025 Healthcare Email Security Report notes that “an accurate and thorough risk analysis is foundational to HIPAA Security Rule compliance” and cautions that “failure to conduct a risk analysis leaves health care entities exposed” to future incidents. The delay between the intrusion and confirmation of affected files suggests weaknesses in how risk is assessed and monitored over time. Similar breaches across the healthcare sector continue to show how overlooked misconfigurations and incomplete monitoring can quietly expose sensitive patient data.
FAQs
Why is exposure of clinical notes a concern even without financial data?
Clinical notes can reveal diagnoses, treatment plans, and personal health details that patients may consider highly sensitive.
Does a lack of misuse mean patients are not at risk?
Not necessarily. Some misuse occurs months later, which is why patients are often advised to remain alert after notification.
Why was credit monitoring not offered?
NS Support said the incident did not involve Social Security numbers or financial information, which are typically the triggers for such services.
How do providers usually detect this type of intrusion?
Many discover unauthorized access through security alerts, system anomalies, or forensic reviews conducted after suspicious activity is identified.
What can patients do after receiving a breach notice?
They can review the notice carefully, monitor for unusual communications referencing their care, and consider placing a fraud alert if they remain concerned.
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
Farah Amod
