Atlantic Brain and Spine Data BreachExposes PHI and PII

Atlantic Brain and Spine, PA, a neurosurgical practice based in Wilmington, N.C., disclosed a data breach that may have exposed a number of individuals' personal and medical information.

Atlantic Brain and Spine released a notice of the data incident through PR Newswire on March 27, 2026. The practice first observed unusual activity on its network on Jan. 26, 2026, approximately two months before the notice was published.

What happened in the Atlantic Brain and Spine data breach

On Jan. 26, 2026, Atlantic Brain and Spine observed unusual activity in its computer network.

An investigation found that certain data stored on the company's network had been accessed without authorization. At the time of the notice, Atlantic Brain and Spine said it was still conducting a comprehensive review of the potentially impacted data.

Because the review has not yet been completed, the full scope of the breach remains unknown. However, based on what has been determined so far, the types of information potentially exposed may include personally identifiable information such as names, addresses, email addresses, phone numbers, dates of birth, Social Security numbers and financial account information.

Moreover, the breach may have also exposed protected health information including treatment and diagnosis information, prescription and medication information, dates of service, provider names, medical record numbers, patient account numbers, Medicare and Medicaid ID numbers, health insurance information and medical billing and claims information.

Atlantic Brain and Spine's response to the breach

The company encouraged individuals to remain vigilant against incidents of identity theft and fraud. Specifically, Atlantic Brain and Spine recommended that people review their credit reports, account statements and explanation of benefits forms for any suspicious activity or errors.

The practice also noted that individuals can learn more about identity theft, fraud alerts, credit freezes and other protective measures by contacting the credit reporting bureaus, the Federal Trade Commission or their state attorney general.

Individuals who have questions about this incident can contact Atlantic Brain and Spine by calling 910-763-3333. The company can also be reached by email at info@atlanticbrainandspine.com or by mail at 2208 S. 17th St., Wilmington, NC 28401.

Steps to take if your information was exposed

Because this breach may involve sensitive personal, financial and medical data, affected individuals should consider taking the following protective steps. These measures can help detect unauthorized use of personal information and reduce the risk of identity theft and fraud.

• Place a fraud alert or credit freeze with the three major credit reporting agencies: TransUnion (1-800-680-7289), Experian (1-888-397-3742) and Equifax (1-888-298-0045).
• Request free credit reports from all three bureaus at AnnualCreditReport.com and review them carefully for any unfamiliar accounts, credit inquiries or other suspicious activity.
• Review bank and financial account statements closely for any unauthorized transactions, since financial account information may have been part of the exposed data.
• Monitor explanation of benefits statements from health insurers for medical services, prescriptions or equipment not received, which could be a sign of medical identity fraud.
• Be cautious of phishing attempts that reference Atlantic Brain and Spine or this data breach by name, as scammers often use real incidents to trick people into sharing additional personal information.
• Report suspected identity theft to the Federal Trade Commission at identitytheft.gov, by calling 1-877-438-4338 (TTY: 1-866-653-4261) or by mail at 600 Pennsylvania Ave. NW, Washington, D.C. 20580.