Brainard Surgery Center recently confirmed a data breach that may have potentially acquired sensitive personal and protected health information (PHI) of an undetermined number of individuals who received treatment at the Lyndhurst, Ohio, surgery center.
What happened
On February 23, 2025, Brainard Surgery Center became aware of suspicious activity within its computer systems and launched an internal investigation. On January 30, 2025, the organization confirmed the unauthorized third-party breach.
In response, Brainard began a detailed review of its records to identify impacted individuals and the specific data involved. While the data type varies per person, it may include names, Social Security numbers, driver’s licenses or state ID numbers, dates of birth, addresses, clinical information, health insurance details, and medical claims data.
The breach has been publicly disclosed on Brainard's website, and notification letters will be sent to affected individuals.
What was said
The Brainard website notice states, “The confidentiality, privacy, and security of information within its care are among Brainard’s highest priorities. Upon discovering the incident, Brainard promptly launched an investigation to determine what data may be at risk.” The notice also confirms that individuals will receive personalized details about the types of information that may have been exposed.
Furthermore, “Brainard encourages individuals to remain vigilant against incidents of identity theft and fraud by reviewing their account statements and explanation of benefits to identify suspicious activity and detect errors."
Why it matters
Since personal identifiers like Social Security numbers and medical records are involved, victims of this breach could face long-term consequences, including identity theft and insurance fraud.
Healthcare providers, especially those managing PHI, must use HIPAA compliant solutions and improve their security strategies to prevent such incidents.
Related: HIPAA Compliant Email: The Definitive Guide
