MediSecure , an Australian prescription delivery service provider, says personal and health information of approximately 12.9 million people was stolen in a ransomware attack in April.
The company was forced to shut down its website and phone lines to contain the attack, announcing it as a "cybersecurity incident" on May 16.
At the time, Australia's National Cyber Security Coordinator (NCSC), who assisted MediSecure in mitigating the breach, described it as a "large-scale ransomware data breach".
While investigating the ransomware attack, MediSecure found that threat actors stole 6.5TB of data, which was later restored from a server backup.
On April 13, 2024, MediSecure became aware of the incident when it discovered that a database server had been encrypted by suspected ransomware. On May 17, 2024, with the assistance of IT experts, MediSecure restored a full backup of the server and immediately took steps to investigate the affected information.
The personal and health information affected by this breach relates to prescriptions dispensed by MediSecure through November 2023 and includes names, dates of birth, addresses, contact information (phone numbers and email addresses), individual health identification number (IHI), Medicare card numbers, Includes prescription medications (medication name, strength, and amount), reason for prescription, and instructions.
It also included Retiree Discount, Commonwealth Seniors, Health Care Discount and Department of Veterans Affairs (DVA) (Gold, White, Orange) card numbers.
Referring to the data breach, MediSecure said, “be wary of data breach-related scams and do not respond to unsolicited communications referencing the data breach experienced by MediSecure.” he warned.
MediSecure was one of two Australian prescription delivery services until late 2023, when it was later renamed by another company called Fred IT Group's eRx Script Exchange (eRx).
Michigan Medicine , the academic medical center of the University of Michigan, reports that personal and health information for approximately 57,000 people may have been compromised in a data breach. It is stated that the incident occurred as a result of threat actors gaining access to employee e-mail accounts on May 23 and May 29. It is also emphasized that when a data breach is discovered, compromised accounts are immediately disabled.
Michigan Medicine stated that in its research, it could not find any evidence that the purpose of the attack was to obtain patient health information, but they could not rule out the possibility of data theft. "As a result, all relevant emails were deemed to have been compromised and the contents were examined to determine whether sensitive data regarding patients was potentially impacted. This analysis was conducted between June 10, 2024 and June 27, 2024," he said.
Potentially exposed information contained in some emails and attachments included names, addresses, dates of birth, medical record numbers, diagnosis and treatment information, and health insurance information. Both patients and insurance guarantors were affected. No credit card, debit card or bank account numbers were compromised in the incident, but four patients' Social Security
their numbers were hacked.
"The emails were business-related communications for payment and billing coordination for Michigan Medicine patients. The relevant information for each patient varied depending on the specific email or attachment," Michigan Medicine stated.
The academic center blocked the attacker's IP address and changed passwords to prevent further access. Michigan Medicine has also taken steps to improve the security of employee emails and passwords and plans to train employees on social engineering and password hygiene.
Notifications were sent to affected patients and/or their guarantors or their personal representatives as of July 19, 2024.
HealthEquity announced that a data breach earlier this year resulted in the personal and financial information of millions of customers being compromised.
A filing with the Maine Office of the Attorney General (OAG) revealed that the incident occurred on March 9 but was confirmed by the company on June 26.
Approximately 4.3 million customers were affected by this breach, and notification letters are scheduled to be sent on August 9. The company reported the incident to the SEC on July 2.
As a health savings account (HSA) specialist, HealthEquity has access to protected health information (PHI) and personally identifiable information (PII).
While not all types of data were breached for every affected customer, the information breached included: first name, last name, address, phone number, employee identification number, employer, social security number, dependent contact information, and payment card information (but not payment card number or HealthEquity bank card information is not included).
During the investigation, HealthEquity discovered that the breach was due to "user accounts being compromised by a vendor with access to an online data storage location."
“As a result of our investigation, we took immediate action, including disabling all potentially compromised merchant accounts and terminating all active sessions; blocking all IP addresses associated with threat actor activity; and implementing a global password reset for the affected merchant. We have also taken immediate action to reduce our security and monitoring efforts internally.” "We have strengthened our control mechanisms and security posture." made a statement.
Yorumlar