Neurological Institute of Savannah Data Breach Affects 32,548 Patients

On April 15, 2025, The Neurological Institute of Savannah & Center for Spine, P.C. disclosed a data breach that impacted 32,548 individuals in the United States. The breach was the result of a ransomware attack attributed to the RansomHub group, who claimed responsibility and threatened to publish the stolen data on their dark web portal.

The incident occurred between June 1, 2024, and July 21, 2024, when an unauthorized party gained access to and acquired certain electronic files from the Institute’s computer systems.

The breach exposed a wide array of sensitive information. For most affected patients, the compromised data included full names, dates of birth, medical record numbers, diagnosis and condition information, lab results, MRI imaging, CPT codes, medications information, healthcare claims information, and/or subscriber numbers. For a limited number of individuals, Social Security numbers were also involved.

Evidence of the breach surfaced on July 26, 2024, when RansomHub posted a sample of the stolen data on a dark web network (tor), threatening to release the rest within two weeks unless their demands were met. The incident was later reported to the U.S. Department of Health and Human Services on May 1, 2025. You can view the official breach disclosure on the U.S. Department of Health and Human Services breach portal.

The Neurological Institute of Savannah's response

Upon discovering the unauthorized access, the Institute immediately contained the incident and launched a thorough investigation with the help of leading cybersecurity experts. Their investigation determined the scope of the breach and identified the types of information that may have been compromised. As part of their response, the Institute is notifying affected individuals via written notification letters. For those whose Social Security numbers were involved, the Institute is offering complimentary credit monitoring services.

To further protect patient data, the Institute has implemented several enhanced security measures. These include adopting additional encryption technologies, enforcing a global password rotation across all access points and programs, deploying new technical safeguards, and increasing workforce training on data security.

If you are a patient or believe your information may have been affected, it is important to remain vigilant. Regularly review your financial account statements and credit reports for any unauthorized activity. Consider placing a fraud alert or security freeze on your credit files with the major credit bureaus.

The Institute has provided a dedicated response line at (912) 721-0191, available Monday through Friday, 9:00 AM–5:00 PM Eastern Time, for those seeking more information or assistance. Full details and additional resources are available in the official notice posted on the Institute’s website.