On October 31, 2022, Gateway Ambulatory Surgery Center reported a data breach with the U.S. Department of Health and Human Services Office for Civil Rights after the company confirmed that patient data was leaked after a successful email phishing attack. According to Gateway, the breach resulted in the following patient information being compromised: names, Social Security numbers, driver’s license numbers, health benefit enrollment information, health insurance information, medical history, patient account numbers, and dates of service. Recently, Gateway sent out data breach letters to all affected parties, informing them of the incident and what they can do to protect themselves from identity theft and other frauds.

If you were ever a patient of Gateway Ambulatory Surgery Center, your information may have been among that which was leaked in the recent data breach. If so, there is no telling who has access to your Social Security and other sensitive data. As we’ve discussed in prior posts, hackers have been relentless in targeting healthcare providers in 2022 in an effort to obtain patients’ Social Security numbers and protected health information. Once hackers have your information, they can either sell it on the dark web or use it to perpetrate a wide range of frauds, including healthcare identity theft. Patients affected by the gateway Surgery Center data breach may consider discussing their rights with a data breach lawyer, including the possibility of bringing a civil lawsuit in pursuit of monetary damages.

What We Know About the Gateway Surgery Center Data Breach

The available information regarding the Gateway Surgery Center breach comes from the U.S. Department of Health and Human Services Office for Civil Rights data breach portal, as well as a notice posted on the company’s website. According to these sources, on April 6, 2022, Gateway Surgical Center learned that it had been the target of what appeared to be a cyberattack that affected two employee email accounts. In response, the company launched an investigation, promptly confirming the unauthorized access.

Once Gateway confirmed it was the victim of a cyberattack, management secured all computer systems, reset passwords, and then began working with a third-party data security firm to assist with the company’s investigation. This investigation revealed that the unauthorized party or parties first gained access to two employee email accounts on February 14, 2022, and that they continued to have access until May 10, 2022—almost a month after Gateway learned of the incident. The Gateway investigation also revealed that information belonging to certain patients was accessible through the compromised email accounts.

Upon discovering that sensitive consumer data was made available to an unauthorized party, Gateway Surgery Center began to review the affected files to determine what information was compromised and which consumers were impacted. While the breached information varies depending on the individual, it may include your name, Social Security number, driver’s license number, health benefit enrollment information, health insurance information, medical history, patient account number, and dates of service. It was not until September 1, 2022 that Gateway determined the source of the breach was an email phishing attack.

On October 31, 2022, Gateway Surgery Center sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.

More Information About Gateway Ambulatory Surgery Center

Gateway Ambulatory Surgery Center is an outpatient surgery center located in Concord, North Carolina. The practice performs a range of outpatient surgeries, including those related to podiatry, gynecology, orthopedics, urology, pain management, cataracts and more. Gateway has a staff of more than 60 physicians. Gateway Surgery Center employs more than 71 people and generates between $5 and $25 million in annual revenue.