In a recent report by TechCrunch, it was revealed that a technology vendor experienced a significant cyber incident that led to the theft of approximately 500,000 personal health records. This breach, which occurred earlier this year, has raised serious concerns about data security and its potential consequences for both individuals and organizations involved.
The vendor, Fortra, associated with Intellihartx, a Tennessee-based company specializing in patient payment balances and collections, recently disclosed the alarming scale of the breach.
According to a notification submitted to the Maine attorney general's office, the breach affected 489,830 patients, compromising their personal information. The stolen data includes patient names, addresses, dates of birth, and Social Security numbers, posing a severe threat to those affected. In addition, the cyberattack exposed sensitive medical billing, insurance details, and confidential diagnoses and medication records.
This incident gains even more significance as Intellihartx is not the sole victim in a series of high-profile attacks. Fortra's GoAnywhere file-transfer software, widely used for sharing large datasets online, has become a prime target for cybercriminals.
The hacking group known as Clop has claimed responsibility, taking advantage of a previously undisclosed vulnerability in Fortra's software. Exploiting this flaw, they infiltrated the networks of over a hundred organizations and companies, resulting in widespread damage. Prominent victims of this cyber campaign include Hatch Bank, Rubrik (a renowned security firm), and even the City of Toronto.
The repercussions of this breach extend throughout the healthcare industry, where safeguarding patient information is of utmost importance. The compromised half a million personal health records could be exploited for malicious purposes, posing significant risks to the privacy and well-being of the affected individuals.
In response to the breach, Intellihartx has promptly taken action by filing necessary data breach notifications and initiating a written notification process for those impacted. The notice, issued on June 8, 2023, aims to provide affected individuals with crucial information and steps to minimize potential harm.
