Top medical billing firm says data breach hit 360,000 users
Plenty of sensitive data stolen in Medusind 2023 breach
- Medusind begins notifying victims about a December 2023 data breach
- Incident resulted in 360,000 people losing payment and personal data
- The company is offering two years of free identity theft monitoring
Medusind, a major medical billing firm, has confirmed suffering a cyberattack in which hundreds of thousands of people lost sensitive data, including payment information.
In a data breach notification letter, the company said the incident happened on December 29, 2023, and was spotted the same day. Medusind is a healthcare revenue cycle management company that provides billing support to healthcare organizations, and it is the patients of those organizations whose data was taken in this attack.
A detailed investigation into the attack uncovered that the threat actors stole health insurance and billing information (insurance policy numbers, or claims/benefits information), payment information (debit/credit card numbers, bank account information), health data (medical history, medical record number, prescription information), government ID information (Social Security numbers, taxpayer IDs, driver’s licenses, passport numbers), and other personal information (email addresses, phone numbers, birth dates, and more) - all of which could put victims at risk of identity theft or worse.
Hundreds of thousands of victims
In a separate filing with the Maine Office of the Attorney General, Medusind confirmed that exactly 360,934 people have been affected.
“The particular type of information involved depends on the individual,” it stressed in the letter.
There is currently no evidence of the data being abused in the wild, and Medusind is offering two years of free identity theft monitoring through Kroll. It also urged victims to monitor their account statements for unexpected or strange entries that might signal identity theft or fraud attempts, and to report them to the authorities.
Because of the sensitivity of the data they handle and the high cost of recovery, healthcare organizations are among the most frequent targets of ransomware actors. In fact, recent analysis from Sophos found that the average cost to recover from a ransomware attack was $2.57 million in 2024, up from $2.2 million the previous year.
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.