Neinstein Plastic Surgery in New York and Atlantic Brain and Spine in North Carolina have announced security incidents that exposed patient information.
Neinstein Plastic Surgery in New York City and Atlantic Brain and Spine in North Carolina have disclosed separate cybersecurity incidents involving unauthorized access to sensitive patient data, highlighting growing concerns around healthcare data security in 2026.
Neinstein Plastic Surgery reported that an email account containing patient information was accessed by an unauthorized individual between November 12 and November 20, 2025. The suspicious activity was detected on December 2, 2025, prompting immediate action to secure the account and launch an investigation. The organization later confirmed on February 20, 2026, that the compromised account contained a wide range of sensitive information, including patient names, contact details, dates of birth, Social Security numbers, driver’s license or passport numbers, financial account and credit card details, health insurance data, and clinical information such as diagnoses and treatment records.
The practice stated that the incident appeared to be financially motivated rather than specifically targeting patient records; however, it acknowledged that patient information may have been exposed. Law enforcement has been notified, and Neinstein Plastic Surgery has implemented additional technical safeguards to strengthen email security, along with enhanced employee training. While no misuse of the data has been reported so far, affected individuals have been offered complimentary credit monitoring and identity theft protection services. The total number of impacted individuals has not yet been disclosed.
In a separate incident, Atlantic Brain and Spine, based in Wilmington, North Carolina, identified suspicious activity within its network on January 26, 2026. The organization engaged third-party cybersecurity specialists to investigate the breach, confirming that unauthorized access to patient data had occurred.
According to Atlantic Brain and Spine, the compromised information may include names, addresses, email addresses, phone numbers, dates of birth, Social Security numbers, financial account details, and extensive medical information. This includes treatment and diagnosis records, prescription and medication data, dates of service, provider names, medical record numbers, patient account numbers, Medicare and Medicaid identification numbers, health insurance details, and medical billing or claims information. The exact scope of affected individuals remains under review.
Atlantic Brain and Spine stated that it is working closely with cybersecurity experts to strengthen its systems and prevent future incidents. The organization is also reviewing and enhancing its internal data privacy and security policies as part of its response.
These incidents underscore the increasing vulnerability of healthcare organizations to cyberattacks, particularly as large volumes of sensitive patient data are stored and managed digitally. As investigations continue, both organizations are taking steps to reinforce security measures and mitigate potential risks associated with the breaches.
Recommended Cyber Technology News :
- Capita Hit by Data Breach in Civil Service Pension System
- Eurail Data Breach Exposes Passport Data of 308K Users
- Data Breaches Hit ProxyCare, Oscar Health, AccentCare
To participate in our interviews, please write to our CyberTech Media Room at info@intentamplify.com
