Attack on healthcare provider exposes personal data of more than 4 million customers

The affected customers have already been notified

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Less than a week after the news of the data breach atZoll Medical, it’s been revealed that hackers managed to breach healthcare provider Independent Living Systems (ILS)  and steal sensitive data from millions of users in July 2022.

That’s according to anotificationfiled with the Office of the Maine Attorney General (viaBleepingComputer) by ILS earlier this week.

Per that notification, the company said that, during the attack, sensitive data on 4.2 million individuals were taken, including full names, Social Security numbers, taxpayer identification numbers, medical information, and health insurance information.

Customers notified

“Through its response efforts, ILS learned that an unauthorized actor obtained access to certain ILS systems between June 30 and July 5, 2022,” the notice reads.

“During that period, some information stored on the ILS network was acquired by the unauthorized actor, and other information was accessible and potentially viewed.”

This means that the stolen data can now potentially be sold on the dark web, used inphishingandsocial engineeringattacks, or in cases ofidentity theft.

The company said it had already notified the affected individuals, and offered one year free identity protection services, courtesy of Experian.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Some details remain unknown at this time. We don’t know who the threat actor behind the attack is, or whether this was aransomwareattack. We also don’t know how the attackers compromised ILS’ networks - if a user inadvertently shared their login credentials, or if a zero-day vulnerability was abused throughmalware.

Cybercriminals usually steal sensitive data while encrypting target endpoints, and then threaten to expose that data on the internet unless the payment is made.

For Jocelyn Houle, Senior Director, Data Governance at Securiti, an attack on a healthcare organization isn’t surprising, but it does highlight the need to make data management, privacy, and security - a top priority.

“AI & ML techniques to automate data management processes are becoming an essential step to mitigating the risk of the exposure of personal health information (PHI)."

Millions of healthcare records reportedly exposed in mega data breach>Clop ransomware hackers hit a million US healthcare customers>These are the best firewalls right now

“Automating policies by locating, protecting, and managing PHI reduces the risks of a breach, and coupled with controls such as least privilege access and techniques such as data masking, organizations can minimize exposure and damage in case of an attack.”

“Implementing a privacy management software also helps by providing cross-system visibility to identify insider threats and prevent threat actors from accessing healthcare organizations’ networks.”

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

This new malware utilizes a rare programming language to evade traditional detection methods

A new form of macOS malware is being used by devious North Korean hackers

Arcane season 2 confirms the hit series isn’t just one of the best Netflix shows ever made – it’s an animated legend that’ll stand the test of time