South Suburban Surgical Suites Hit by Breach

The breach came via a phishing email attack.

By HFT Staff

On April 3, 2023, South Suburban Surgical Suites, LLC (South Suburban) discovered that an unauthorized third party gained access to a legacy Microsoft Office 365-hosted business email account through phishing. “Phishing” occurs when an email is sent that looks like it is from a trustworthy source, but it is not. The phishing email prompts the recipient to share or give access to certain information. Upon discovery, South Suburban immediately took action to prevent any further unauthorized activity, began an investigation, and a leading security firm was engaged. On May 1, 2023, South Suburban learned that this incident may have involved personal information. Based on the investigation, the unauthorized party was able to access the business email account between February 20, 2023 and April 3, 2023. This email account is separate from South Suburban’s internal network and systems, which were not affected by this incident. Through the review, which was completed on June 5, 2023, South Suburban determined that personal information of affected individuals was in the impacted business email account. 

Personal information involved in this incident may have included one or more of the following elements: (1) information to identify the individual (such as full name, address, and date of birth); (2) Social Security number, driver’s license/state ID number, passport number, credit card information, and/or financial account information; (3) medical and/or treatment information (such as medical record number, dates of service, provider, diagnosis or procedure information, and prescription/medication); (4) health insurance information (such as payor name and subscriber/Medicare/Medicaid number); and (5) billing and claims information. Please note that not all data elements were involved for all individuals. 

South Suburban takes privacy and security very seriously. As soon as South Suburban discovered the incident, it immediately took action to prevent any further unauthorized activity, including resetting the user password for the business email account where unauthorized activity was detected and blocking malicious IP addresses and URLs. South Suburban has enhanced and continues to enhance its security controls and monitoring practices as appropriate to minimize the risk of any similar incident in the future, and it has retired the legacy environment in which the incident occurred. 

South Suburban is providing additional information on general steps individuals can take to monitor and protect their personal information in Additional Resources at the top of this page. Individuals should carefully review credit reports and statements sent from healthcare providers and financial institutions as well as their insurance company to ensure that all account activity is valid. Any questionable charges should be promptly reported to the company which maintains the account. For individuals whose Social Security number, driver’s license/state ID number, passport number, credit card information, and/or financial account information may have been involved, South Suburban has arranged to offer free credit monitoring and identity restoration services to these individuals. 

July 19, 2023

Topic Area: Information Technology , Safety , Security

Recent Posts

Patient Chokes Out Roommate at Norristown State Hospital

The incident stemmed from a dispute over the roommate throwing the patient’s books.

OhioHealth Announces Expansion of Dublin Methodist Hospital

Construction is expected to begin in winter 2026.

Atlantic Health System Forms Joint Venture with Premier Health Associates

The joint venture seeks to expand its ability to provide comprehensive primary care.

Environmental Services and the Fight Against AMR Bacteria

Disinfecting and training are low-cost options that address the rising threat of antimicrobial-resistant bacteria.

97 Senior Care Facilities in Southeast Texas Lose Power After Hurricane

The power outages have created concerns for seniors’ health during the summer heat.


FREE Newsletter Signup Form

News & Updates | Webcast Alerts
Building Technologies | & More!


All fields are required. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Healthcare Facilities Today membership includes free email newsletters from our facility-industry brands.

Facebook   Twitter   LinkedIn   Posts

Copyright © 2023 TradePress. All rights reserved.