Boulder (Colo.) Neurosurgical & Spine Associates experienced a data breach in September that could have exposed the personal information of 21,450 patients.
Compromised data could include names, dates of birth and medical records, but addresses and Social Security numbers were not affected, the practice told BizWest.
"On Sept. 21, 2021, [Boulder Neurosurgical & Spine Associates] detected a compromise to one of its business email accounts ... [and] quickly engaged cybersecurity experts and a leading incident response team to secure the subject email account, assess the extent of the unauthorized activity and remediate any damage caused by the incident," the practice said in a news release.
A third-party IT forensics firm launched an investigation to determine what information could have been exposed in the incident, which was reported to HHS on Nov. 29.
Boulder Neurosurgical & Spine Associates, a six-physician group, said it has notified individuals who might be affected by the breach.
The practice told Becker's it did not have additional comment at this time.