Gramercy Surgery Center data leaked after cyberattack
Learn More
Gramercy Surgery Center, an ambulatory surgery center with locations in Manhattan and Queens, New York, has been hit by a cyberattack and a data breach.
Gramercy Surgery Center confirmed that it became aware of the cyber-attack on June 18, 2024, took action to secure its systems and started an investigation into the scope of the breach. By June 28, 2024, the investigation confirmed that unauthorized access to their systems had occurred between June 14 and June 17, 2024, during which certain documents were either copied or viewed.
The Everest Team cybercrime gang took responsibility for the attack and added Gramercy to its leak site. Everest claimed to have acquired over 460 GB of sensitive data from Gramercy, though initially, only two old files were provided as evidence of the breach. The full dataset was leaked after what appears to be a failed negotiation or lack of communication with the attackers.
The compromised data potentially includes a wide range of sensitive personal and medical information:
- Name
- Address
- Social Security number
- Date of birth
- Driver’s license or state identification card number
- Medical record number
- Treatment information
- Health insurance information
The number of affected individuals and the nature of the attack is not disclosed.
Update - as of 24th of August 2024, Gramercy reports that over 50,000 individuals were impacted by the breach.
Gramercy has stated that they will notify the affected individuals and provide guidance on how to protect their personal information.
