Over a million patients potentially hit after another US healthcare provider hit by cyberattack

News
By
published

Community Health Center confirms suffering a data breach

ID theft
Image credit: Pixabay (Image credit: Future)
  • Community Health Center confirms suffering a data breach
  • The criminals stole sensitive information on more than a million people
  • This was not a ransomware attack, CHC claims

More than a million people may have had their sensitive information stolen, after a “skilled hacker” broke into the IT system of Community Health Center (CHC).

The company filed a new report with the Maine Office of the Attorney General which said it spotted “unusual activity” in its computer systems, on January 2.

“That same day, we brought in experts to investigate and reinforce the security of our systems. They found that a skilled criminal hacker got into our system and took some data, which might include your personal information.”

Get Incogni at 55% off with code TECHRADAR

Get Incogni at 55% off with code TECHRADAR
Remove your personal information from the internet with ease. Incogni protects your online
identity and reduces unwanted robocalls and spam emails.

View Deal

No ransomware

The data stolen in this attack includes people’s names, dates of birth, addresses, phone numbers, emails, diagnoses, treatment details, test results, Social Security numbers, and health insurance information - all of which is more than enough to run highly personalized phishing attacks, and maybe even wire fraud.

CHC is a Connecticut-based nonprofit healthcare provider that offers comprehensive primary care, dental, behavioral health, and specialty services to underserved communities.

This doesn’t seem to have been a ransomware attack, however, as CHC added that the actors did not delete, or lock, any of the affected data. Therefore, the attack did not affect its daily operations, it added.

“We believe we stopped the criminal hacker’s access within hours, and that there is no current threat to our systems.”

CHC is now notifying affected individuals about the breach and offering assistance, including free identity theft protection through IDX. In the letter, CHC said that IDX will provide 24 months of credit and CyberScan monitoring. Furthermore, the company set aside a $1M reimbursement policy, and promised to help recover stolen identities.

In recent months, ransomware groups have started moving away from encryptors and focusing solely on data theft. Apparently, it is equally effective in terms of ransom demands, yet cheaper and easier to pull off. It seems that in this case, CHC was not asked for a ransom yet.

Via TechCrunch

You might also like

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.