Medical data of almost 400,000 Americans stolen: Here's what we know

American healthcare management organization Gryphon Healthcare recently suffered a supply-chain cyberattack in which sensitive data on hundreds of thousands of patients was stolen.

The company confirmed the news in a breach notification filed with the Office of the Maine Attorney General, stating that a partner for which Gryphon provides medical billing services was breached some time before August 13, 2024.

The company did not name the partner that was breached, but it seems that the breach gave the attackers access to personal and protected health information that Gryphon maintained.

No evidence of misuse

“As a result of this third-party security incident, an unauthorized actor may have accessed certain files and data containing information relative to patients for whom Gryphon provides medical billing services,” the company said in the filing.

“The information may have included your name, date of birth, address, Social Security number, dates of service, diagnosis information, health insurance information, medical treatment information, prescription information, provider information and medical record number,” the filing continued.

The data stolen is more than enough to run highly sophisticated phishing attacks, identity imitation operations, or even wire fraud. The total number of people affected by this incident stands at 393,358, Gryphon said, adding that it has seen no evidence suggesting that the data was misused. At this time, no threat actors have assumed responsibility for the attack.

Given the sensitivity of the information they handle, healthcare organizations are one of the most popular targets for ransomware attackers. These threat actors steal the information, and then threaten to release it to the public, unless a payment is made. Leaked patient data could result in loss of business, tarnished reputation, regulator fines, and even class-action lawsuits.

In fact, The Register reports that Tulsa, OK-based Abington Cole and Ellery has already started appealing for victims of the data protection mess, and that is not the only class-action lawsuit against breached healthcare firms it is currently handling.

If you suspect your data may have been stolen in this breach, take a look at our guide to the best identity theft protection.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
