SuperCare Health disclosed a security breach that has led to the exposure of personal information belonging to its patients, patients/members of its partner organizations and others.
The company notified impacted individuals and law enforcement agencies.
The company told the US Department of Health and Human Services that the data breach has impacted 318,379 individuals.
The security breach was discovered on July 27, 2021, when the company IT personnel noticed unauthorized activity on some systems. SuperCare Health immediately launched an investigation into the incident with the help of independent cybersecurity experts that revealed that the intrusion took place between July 23 and July 27, 2021.
Seven months later, in February 2022, the company determined the potential compromise of some information relating to certain patients.
“On July 27, 2021, we discovered unauthorized activity on our systems. In response, we immediately began containment, mitigation, and restoration efforts to terminate the activity and to secure our network, systems, and data. In addition, we retained independent cybersecurity experts to conduct a forensic investigation into the incident and assist us in determining what happened.” reads the data security notice published by the company. “The forensic investigation revealed that an unknown party had access to certain systems on our network from July 23, 2021 to July 27, 2021. Based on that information, we worked diligently to identify the potentially affected files and their contents. On February 4, 2022, we determined that the potentially impacted files contained some information relating to certain patients.”
Potentially compromised data depend on the individual and may include: name, address, date of birth, hospital or medical group, patient account number, medical record number, health insurance information, testing/diagnostic/treatment information, other health-related information, and claim information. For a small subset of individuals, their Social Security number and/or driver’s license number may have been contained in the impacted files.
The company is not aware of any abuse or misuse for the information exposed as a result of the incident.
Please vote for Security Affairs as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS
Vote for me in the sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog” and others of your choice.
To nominate, please visit: https://docs.google.com/forms/d/e/1FAIpQLSfxxrxICiMZ9QM9iiPuMQIC-IoM-NpQMOsFZnJXrBQRYJGCOw/viewform
(SecurityAffairs – hacking, healthcare)