June 17, 2022:
As of June 17, 2022, our phone systems have been restored and callers can once again use our phone directory system to directly reach Goodman Campbell’s staff.
Our main phone number 317-396-1300 will also continue to be staffed from 8:00 a.m. – 4:30 p.m., Monday through Friday. Goodman Campbell’s email system has not yet been fully restored so we are encouraging patients and doctors to contact us via phone. We appreciate the understanding of our patients, medical colleagues, and employees as we work to restore our systems.
While our investigation with forensic experts and law enforcement officials is still ongoing, we have determined that a number of files obtained by the cyber criminals during the course of this cyber-attack have been posted on the dark web. The dark web is a portion of the internet that cannot be found by search engines and is not viewable in a standard web browser so it is a very common platform for cyber criminals to use in these types of attacks. While we are still working to determine the full extent of data that may have been released, we know that some of the files posted contained sensitive patient and business information. The security of our patients’ and employees’ data is of the utmost importance, and we deeply regret that this attack on our systems occurred.
When our investigation into the cyber-attack is complete, we will be reaching out via U.S. mail to those impacted patients and staff members. In the interim, we encourage Goodman Campbell patients and staff to be vigilant in reviewing banking/financial account statements and credit reports for fraudulent or irregular activity. Some specific steps individuals can take to protect their personal data are available here.
June 3, 2022:
On May 20, 2022, Goodman Campbell Brain and Spine (Goodman Campbell) was the victim of a cyber-attack impacting our computer network and communications systems. Upon learning of this issue, we immediately took steps to secure our systems and engage a forensic analysis and incident response firm. These professionals are currently working with us to restore our affected systems, recover data, and eradicate any malicious activity from our systems. We have also notified the FBI cybercrimes division to assist with this case and are actively working with their ransomware experts.
Though we have not yet been able to verify the full nature and extent of personal data that may have been compromised, initial analysis indicates that both Goodman Campbell patient and employee data has been accessed by an unauthorized party. The security of our patients’ and employees’ data is of the utmost importance, and we deeply regret that this attack on our systems occurred. When our investigation into the cyber-attack is complete, we will be reaching out via U.S. mail to those impacted patients and staff members. Goodman Campbell is working diligently to address the impacts of the recent cyber-attack. Until our systems are fully restored, we are asking patients with urgent medical needs to call our main phone number 317-396-1300 to speak with an advanced practice provider from 8:00 a.m. – 4:00 p.m., Monday through Friday. We have established processes that permit us to care for our urgent patients until our systems are fully restored. We are committed to provide exceptional care to our patients, and will provide additional updates here as appropriate. We appreciate the understanding of our patients, medical colleagues, and employees as we work to restore our systems.
We do not have any additional details to share at this time, but we will update this website with relevant developments as the investigation continues. In the interim, we encourage Goodman Campbell patients and staff to be vigilant in reviewing banking/financial account statements and credit reports for fraudulent or irregular activity. Some specific steps individuals can take to protect their personal data are available below.
Anyone with concerns about their data should 1) monitor their credit reports, 2) obtain a fraud alert, and 3) place a security freeze on their credit.
How can I review my credit report?
Federal law requires credit reporting companies to give you a free credit report every 12 months if you request it. You can access your free credit report at www.annualcreditreport.com.
What is a fraud alert?
A fraud alert tells creditors to contact you personally before they open any new accounts.
How do I place a fraud alert on my account?
To place a fraud alert, you will need to contact any one of the three major credit bureaus (as soon as one credit bureau confirms your fraud alert, they will notify the others to place fraud alerts).
P.O. Box 105069
Atlanta, GA 30348
How long does a fraud alert last?
An initial fraud alert lasts one year and it is free; you may then renew the fraud alert.
Will a fraud alert stop me from using my credit cards?
No. A fraud alert will not stop you from using your credit cards or other accounts.
Can I still apply for a credit card or loan after I place a fraud alert on my credit report?
Yes, but the verification process may be more cumbersome. Potential creditors will receive a message alerting them to the possibility of fraud and that creditors should re-verify the identity of a person applying for credit.
How do I place a Security Freeze on my credit files and how much does it cost?
If you are very concerned about becoming a victim of fraud or identity theft, you may request a “Security Freeze” be placed on your credit file, at no cost to you. A security freeze prohibits, with certain specific exceptions, the consumer reporting agencies from releasing your credit report or any information from it without your express authorization. You may place a security freeze on your credit report by sending a request in writing, by mail, to all three nationwide credit reporting companies. To find out more on how to place a security freeze, you can use the following contact information:
Equifax Security Freeze
P.O. Box 105788
Atlanta, GA 30348
TransUnion Security Freeze
P.O. Box 2000
Chester, PA 19016
To place the security freeze, you will need to provide your name, address, date of birth, Social Security number and other personal information. After receiving your freeze request, each credit reporting company will send you a confirmation letter containing a unique PIN (personal identification number) or password. Keep the PIN or password in a safe place. You will need it if you choose to lift the freeze.
How should patients or staff report incidents of suspected or actual identity theft or fraud?
We encourage anyone who suspects identity theft or fraud to report the incident at www.identitytheft.gov, a federal resource for identity theft victims.