1. Forum
  2. FidoNet
  3. POLITICS

  • Top US health provider te

    From Mike Powell@1:2320/105 to All on Tue Feb 11 11:05:00 2025
    Top US health provider tells 882,000 patients they were hit in August 2023 breach

    Date:
    Mon, 10 Feb 2025 16:09:10 +0000

    Description:
    More than 800,000 Hospital Sisters Health System users affected in an August 2023 breach.

    FULL STORY

    Hospital Sisters Health System (HSHS), a nonprofit, Catholic healthcare
    system, suffered a cyberattack one and a half years ago, which resulted in
    the theft of sensitive patient data.

    The firm has now filed a report with the Maine Office of the Attorney
    General, in which it detailed the attack, noting it discovered an
    unauthorized third party gaining temporary access to its network, on August
    27, 2023.

    Upon learning of the situation, we immediately took steps to contain and remediate the incident and launched an internal investigation, HSHS said in
    the filing.

    Stealing sensitive data

    The investigation determined that the unnamed attackers dwelled on HSHS
    network between August 16 and August 27, and during that time exfiltrated sensitive information belonging to exactly 882,782 people.

    We have since been reviewing those files and notifying individuals whose information was found in the files on a rolling basis as our review has continued, the organization said.

    While the type of information stolen varied from person to person, in general it included full names, postal addresses, birth dates, medical record
    numbers, limited treatment information, health insurance information, Social Security numbers (SSN), and drivers license numbers.

    This is more than enough to engage in highly personalized phishing, identity theft, or even wire fraud. However, HSHS says that at this time it has no reason to believe the data has been misused.

    Healthcare information is highly sought on the black market because it
    contains sensitive personal, financial, and medical data that can be
    exploited for various types of fraud and cybercrimes. Unlike credit card
    data, which can be quickly canceled, stolen medical records provide long-term value as they include Social Security numbers, insurance details, and medical histories that can be used for identity theft , fraudulent billing, prescription fraud, and even blackmail. Additionally, the resale price of medical records is significantly higher than financial data due to their completeness and difficulty in detection.

    That being said, even though there is no evidence of misuse, out of an abundance of caution, HSHS offered affected individuals a years worth of
    credit and identity theft monitoring through Equifax.

    Via BleepingComputer

    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/top-us-health-provider-tells-882-000-pa tients-they-were-hit-in-august-2023-breach

    $$
    --- SBBSecho 3.20-Linux
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)