Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Healthcare Data. Show all posts
Patient Data
Data Analytics Agency Data Breach Data Leak Data Privacy data security Data Theft Healthcare Healthcare Data Healthcare Security Patient Data

Episource Healthcare Data Breach Exposes Personal Data of 5.4 Million Americans

 

In early 2025, a cyberattack targeting healthcare technology provider Episource compromised the personal and medical data of over 5.4 million individuals in the United States. Though not widely known to the public, Episource plays a critical role in the healthcare ecosystem by offering medical coding, risk adjustment, and data analytics services to major providers. This makes it a lucrative target for hackers seeking access to vast troves of sensitive information. 

The breach took place between January 27 and February 6. During this time, attackers infiltrated the company’s systems and extracted confidential data, including names, addresses, contact details, Social Security numbers, insurance information, Medicaid IDs, and medical records. Fortunately, no banking or payment card information was exposed in the incident. The U.S. Department of Health and Human Services reported the breach’s impact affected over 5.4 million people. 

What makes this breach particularly concerning is that many of those affected likely had no direct relationship with Episource, as the company operates in the background of the healthcare system. Its partnerships with insurers and providers mean it routinely processes massive volumes of personal data, leaving millions exposed when its security infrastructure fails. 

Episource responded to the breach by notifying law enforcement, launching an internal investigation, and hiring third-party cybersecurity experts. In April, the company began sending out physical letters to affected individuals explaining what data may have been exposed and offering free credit monitoring and identity restoration services through IDX. These notifications are being issued by traditional mail rather than email, in keeping with standard procedures for health-related data breaches. 

The long-term implications of this incident go beyond individual identity theft. The nature of the data stolen — particularly medical and insurance records combined with Social Security numbers — makes those affected highly vulnerable to fraud and phishing schemes. With full profiles of patients in hand, cybercriminals can carry out advanced impersonation attacks, file false insurance claims, or apply for loans in someone else’s name. 

This breach underscores the growing need for stronger cybersecurity across the healthcare industry, especially among third-party service providers. While Episource is offering identity protection to affected users, individuals must remain cautious by monitoring accounts, being wary of unknown communications, and considering a credit freeze as a precaution. As attacks on healthcare entities become more frequent, robust data security is no longer optional — it’s essential for maintaining public trust and protecting sensitive personal information.
Read more »
Ransomwares
Data Breach Data Privacy data security Data Theft Healthcare Data healthcare data breach Healthcare Industry Personal Information Ransomware attack Ransomwares

Horizon Healthcare RCM Reports Ransomware Breach Impacting Patient Data

 

Horizon Healthcare RCM has confirmed it was the target of a ransomware attack involving the theft of sensitive health information, making it the latest revenue cycle management (RCM) vendor to report such a breach. Based on the company’s breach disclosure, it appears a ransom may have been paid to prevent the public release of stolen data. 

In a report filed with Maine’s Attorney General on June 27, Horizon disclosed that six state residents were impacted but did not provide a total number of affected individuals. As of Monday, the U.S. Department of Health and Human Services’ Office for Civil Rights had not yet listed the incident on its breach portal, which logs healthcare data breaches affecting 500 or more people.  

However, the scope of the incident may be broader. It remains unclear whether Horizon is notifying patients directly on behalf of these clients or whether each will report the breach independently. 

In a public notice, Horizon explained that the breach was first detected on December 27, 2024, when ransomware locked access to some files. While systems were later restored, the company determined that certain data had also been copied without permission. 

Horizon noted that it “arranged for the responsible party to delete the copied data,” indicating a likely ransom negotiation. Notices are being sent to affected individuals where possible. The compromised data varies, but most records included a Horizon internal number, patient ID, or insurance claims data. 

In some cases, more sensitive details were exposed, such as Social Security numbers, driver’s license or passport numbers, payment card details, or financial account information. Despite the breach, Horizon stated that there have been no confirmed cases of identity theft linked to the incident. 

The matter has been reported to federal law enforcement. Multiple law firms have since announced investigations into the breach, raising the possibility of class-action litigation. This incident follows several high-profile breaches involving other RCM firms in recent months. 

In May, Nebraska-based ALN Medical Management updated a previously filed breach report, raising the number of affected individuals from 501 to over 1.3 million. Similarly, Gryphon Healthcare disclosed in October 2024 that nearly 400,000 people were impacted by a separate attack. 

Most recently, California-based Episource LLC revealed in June that a ransomware incident in February exposed the health information of roughly 5.42 million individuals. That event now ranks as the second-largest healthcare breach in the U.S. so far in 2025. Experts say that RCM vendors continue to be lucrative targets for cybercriminals due to their access to vast stores of healthcare data and their central role in financial operations. 

Bob Maley, Chief Security Officer at Black Kite, noted that targeting these firms offers hackers outsized rewards. “Hitting one RCM provider can affect dozens of healthcare facilities, exposing massive amounts of data and disrupting financial workflows all at once,” he said.  
Maley warned that many of these firms are still operating under outdated cybersecurity models. “They’re stuck in a compliance mindset, treating risk in vague terms. But boards want to know the real-world financial impact,” he said. 

He also emphasized the importance of supply chain transparency. “These vendors play a crucial role for hospitals, but how well do they know their own vendors? Relying on outdated assessments leaves them blind to emerging threats.” 

Maley concluded that until RCM providers prioritize cybersecurity as a business imperative—not just an IT issue—the industry will remain vulnerable to repeating breaches.
Read more »
Patient Data
Data Breach data security Data Sets Data Theft Healthcare Data healthcare data breach Patient Data

DM Clinical Research Database Exposed Online, Leaking 1.6M Patient Records

 

A clinical research database containing over 1.6 million patient records was discovered publicly accessible online without encryption or password protection. Security researcher Jeremiah Fowler found the dataset, linked to DM Clinical Research, exposing sensitive information such as names, medical histories, phone numbers, email addresses, medications, and health conditions. 

The unprotected database, totaling 2TB of data, put those affected at risk of identity theft, fraud, and social engineering scams. While the database name suggests it belongs to DM Clinical Research, it remains unclear whether the firm directly managed it or if a third party was responsible. Fowler immediately sent a disclosure notice, and the database was taken offline within hours. 

However, it is unknown how long it remained exposed or whether threat actors accessed the data before its removal. Only a thorough forensic audit can determine the extent of the breach. DM Clinical Research responded to the disclosure, stating that they are reviewing the findings to ensure a swift resolution. They emphasized their commitment to data security and compliance with legal regulations, highlighting the importance of protecting sensitive patient information. 

However, this incident underscores the growing risks facing the healthcare industry, which remains a prime target for cyberattacks, including ransomware and data breaches. Healthcare data is among the most valuable for cybercriminals, as it contains detailed personal and medical information that cannot be easily changed, unlike financial data. 

In recent years, hackers have aggressively targeted medical institutions. In 2024, a cyberattack compromised the records of 190 million Americans, and UnitedHealth suffered a ransomware attack that leaked customer information onto the dark web. The exposure of sensitive medical conditions—such as psychiatric disorders, HIV status, or cancer—could lead to discrimination, scams, or blackmail. Attackers often use exposed medical data to craft convincing social engineering scams, posing as doctors, insurance companies, or medical professionals to manipulate victims. 

Fowler warns that health records, unlike financial data, remain relevant for a lifetime, making breaches particularly dangerous. Organizations handling sensitive data must take proactive measures to protect their systems. Encryption is critical to safeguarding customer information, as unprotected datasets could lead to legal consequences and financial losses. Real-time threat detection, such as endpoint security software, helps identify intrusions and suspicious activity before damage is done. 

In the event of a breach, transparency is essential to maintaining consumer trust and mitigating reputational harm. For individuals affected by data breaches, vigilance is key. Regularly monitoring financial accounts and bank statements for suspicious transactions can help detect fraudulent activity early. Social engineering attacks are also a major risk, as scammers may exploit exposed medical data to impersonate trusted professionals. 

Be cautious of unexpected emails, phone calls, or messages requesting personal information, and avoid opening attachments from unfamiliar sources. Using strong, unique passwords—especially for financial and healthcare accounts—adds an extra layer of security. 

This breach is yet another reminder of the urgent need for stronger cybersecurity measures in the healthcare sector. As cybercriminals continue to exploit vulnerabilities, both organizations and individuals must remain proactive in safeguarding sensitive data.
Read more »
ransomware attacks
Critical Infrastructure Cyber Attacks cybersecurity in healthcare data security Healthcare Data Healthcare Industry ransomware attacks

WHO and Global Leaders Warn Against Rise of Ransomware Attacks Targeting Hospitals

 

On November 8, the World Health Organization (WHO) joined over 50 countries in issuing an urgent warning at the United Nations about the increase in ransomware attacks on healthcare systems worldwide. WHO Director-General Tedros Adhanom Ghebreyesus addressed the UN Security Council, emphasizing the critical risks these cyberattacks pose to public health and safety. He highlighted the growing frequency of attacks on hospitals, which could delay urgent care, disrupt essential services, and lead to life-threatening consequences. Calling for global cooperation, he described ransomware as an international security threat that demands a coordinated response. 

Ransomware is a form of cyberattack where hackers lock or encrypt a victim’s data and demand payment in exchange for releasing it. This form of digital extortion has escalated globally, affecting healthcare providers, institutions, and governments alike. In the healthcare sector, such attacks can be particularly devastating, compromising the safety of patients and healthcare workers. The joint statement, endorsed by nations such as Japan, South Korea, Argentina, France, Germany, and the United Kingdom, outlined the immediate dangers these attacks pose to public health and international security, calling on all governments to take stronger cybersecurity measures. The U.S., represented by Deputy National Security Adviser Anne Neuberger, directly blamed Russia for allowing ransomware groups to operate freely within its borders. 

According to Neuberger, some countries knowingly permit these actors to execute attacks that impact critical infrastructure globally. She called out Moscow for not addressing cybercriminals targeting foreign healthcare systems, implying that Russia’s inaction may indirectly support these malicious groups. Additional accusations were made against North Korea by delegates from France and South Korea, who highlighted the country’s alleged complicity in facilitating ransomware attacks. Russia’s UN representative, Ambassador Vassily Nebenzia, defended against these claims, arguing that the Security Council was not the right forum to address such issues. He asserted that Western nations were wasting valuable council time and resources by focusing on ransomware, suggesting instead that they address other pressing matters, including alleged attacks on hospitals in Gaza.  

WHO and the supporting nations warn that cybercrime, particularly ransomware, requires a global response to strengthen defenses in vulnerable sectors like healthcare. Dr. Ghebreyesus underscored that without collaboration, cybercriminals will continue to exploit critical systems, putting lives at risk. The joint statement also condemned nations that knowingly enable cybercriminals by allowing them to operate within their jurisdictions. This complicity, they argue, not only endangers healthcare systems but also threatens peace and security globally. 

As ransomware attacks continue to rise, healthcare systems worldwide face increasing pressure to strengthen cybersecurity defenses. The WHO’s call to action emphasizes that nations need to take ransomware threats as seriously as traditional security issues, working together to protect both patient safety and public health infrastructure.
Read more »
U.S. healthcare
ALPHV Blackcat Ransomware Cyber Attacks Healthcare Data Ransomeware U.S. healthcare

Healthcare in Crosshairs: ALPHV/Blackcat Ransomware Threat Escalates, FBI Issues Warning

 

In a joint advisory, the FBI, CISA, and HHS have issued a stark warning to healthcare organizations in the United States about the heightened risk of targeted ALPHV/Blackcat ransomware attacks. This cautionary announcement follows a series of alerts dating back to April 2022 and underscores the severity of the threat posed by the BlackCat cybercrime gang, suspected to be a rebrand of infamous ransomware groups DarkSide and BlackMatter. 

The advisory highlights that ALPHV Blackcat affiliates have shown a notable focus on the healthcare sector. The FBI, in particular, has linked BlackCat to over 60 breaches within its first four months of activity, accumulating a staggering $300 million in ransoms from over 1,000 victims up until September 2023. Recent developments indicate a shift in BlackCat's targeting strategy, with the healthcare sector becoming a prime victim since mid-December 2023. This shift aligns with an administrator's call for affiliates to target hospitals following operational actions against the group and its infrastructure earlier that month. 

Notably, the warning coincides with a cyberattack on UnitedHealth Group subsidiary Optum, affecting Change Healthcare, a crucial payment exchange platform in the U.S. healthcare system. Although not confirmed, the attack has been linked to the BlackCat ransomware group, and sources suggest the threat actors exploited the ScreenConnect auth bypass vulnerability (CVE-2024-1709) for initial access. 

The joint advisory emphasizes the critical need for healthcare organizations, considered part of the nation's critical infrastructure, to implement robust mitigation measures against Blackcat ransomware and data extortion incidents. Authorities urge these entities to bolster cybersecurity safeguards, specifically tailored to counteract prevalent tactics, techniques, and procedures commonly employed in the Healthcare and Public Health (HPH) sector. This development underscores the evolving nature of cyber threats, especially within the healthcare landscape, and the necessity for proactive measures to safeguard sensitive patient data and critical infrastructure. 

The FBI, CISA, and HHS have shared indicators of compromise to assist organizations in identifying potential threats, emphasizing the importance of collaboration to combat the persistent and evolving threat posed by ransomware groups like BlackCat. As the healthcare sector grapples with escalating cyber risks, the advisory serves as a stark reminder of the urgent need for comprehensive cybersecurity measures, including timely patching of vulnerabilities and robust incident response plans. Organizations are encouraged to stay vigilant, collaborate with cybersecurity agencies, and prioritize the security of their networks and systems to mitigate the impact of ransomware attacks. 

The U.S. State Department's substantial rewards for information leading to the identification or location of BlackCat gang leaders underscore the severity of the threat and the government's commitment to dismantling these cybercriminal operations. In this high-stakes environment, the healthcare industry must remain resilient, continually adapting to emerging threats, and fortifying its defenses against ransomware attacks.
Read more »
U.S. Census Bureau
Artificial Intelligence Data Privacy Healthcare Healthcare Data Synthetic Data Technology U.S. Census Bureau

Synthetic Data: How Does the ‘Fake’ Data Help Healthcare Sector?


As the health care industry globally continues to collapse from staff-shortage, AI is being hailed as the public and private sector’s salvation. With its capacity to learn and perform jobs like tumor detection from scans, the technology has the potential to prevent overstress among healthcare professionals and free up their time so they can concentrate on providing the best possible treatment.

However, AI requires its data to be working perfectly in order operate efficiently. If the models are not trained properly on comprehensive, objective, and high-quality data, it could lead to insufficient outcomes. This way, AI has turned out to be lucrative aspect for healthcare institutions. However, it is quite challenging for them to gather and use information while also adhering to privacy and confidentiality regulations because of the sensitivity of the patient data involved.

This is where the idea of ‘synthetic data’ come into play. 

Synthetic Data

The U.S. Census Bureau defines synthetic data as artificial microdata that is created with computer algorithms or statistical models to replicate the statistical characteristics of real-world data. It can supplement or replace actual data in public health, health information technology, and healthcare research, sparing companies the headache of obtaining and utilizing real patient data.

One of the reasons why synthetic data is preferred over the real-world information is the privacy it provides. 

Synthetic data is created in a way that maintains the dataset's analytical usefulness while replacing any personally identifying information (PII) with non-identified numbers. This ensures that identities cannot be traced back to particular records or used for re-identification while facilitating the easy usage and exchange of data for internal use.

Using fake data as an alternative for PII ensures that the organizations remain true to their guidelines such as GDPR and HIPAA throughout the process. 

In addition to protecting privacy, synthetic datasets can assist save the time and money that businesses often need to spend obtaining and managing real-world data using conventional techniques. Without needing businesses to enter into complicated data-sharing agreements, privacy legislation, or data access restrictions, they faithfully reproduce the original data.

Caution is a Must At All Stages

Even though synthetic data has a lot of advantages over real data, it should never be treated carelessly.

For example, the output may be less dependable and accurate than anticipated and could have an impact on downstream applications if the statistical models and algorithms being used to generate the data are faulty or biased in any manner. In a similar vein, a malicious actor could be able to re-identify the data if it is only partially safeguarded.

Such case can happen if the synthetic data include outliners and unique data points, such as a rare disease found in a small number of records. It may be connected to the original dataset with ease. Re-identifying records in the synthetic data can also be accomplished by adversarial machine learning techniques, particularly in cases where the attacker has access to both the generative model and the synthetic data.

These situations can be avoided by using techniques like differential privacy – to add noise to the data – and disclosure control in the generation process in order to add alteration and perturbation of the information. 

Generating synthetic data could be tricky and may as well result in compromise of transparency and reproducibility. Researchers and teams are thus advised to take the aforementioned approach without running the same risks, and constantly seek to document and share the procedures used to produce synthetic data.  

Read more »
Ransomware attack
ALPHV Blackcat Ransomware BlackCat Data Breach Healthcare Data Henry Schein Ransomware attack

Henry Schein Data Breach: Healthcare Giant Reports Second Attack in Two Months


U.S. based healthcare company Henry Schein has confirmed another cyberattack this month conducted by threat actor ‘BlackCat/ALPHV’ ransomware gang. The company was previously attacked by the same group in October. 

Henry Schein

Henry Schein is a Fortune 500 healthcare products and services provider with operations and affiliates in 32 countries, with approximately $12 billion in revenue reported in 2022. 

It first made public on October 15 that, following a cyberattack the day before, it had to take some systems offline in order to contain the threat.

On November 22, more than a month later, the company announced that parts of its apps and the e-commerce platform had once more been taken down due to another attack that was attributed to the BlackCat ransomware.

"Certain Henry Schein applications, including its ecommerce platform, are currently unavailable. The Company continues to take orders using alternate means and continues to ship to its customers," the announcement said.

"Henry Schein has identified the cause of the occurrence. The threat actor from the previously disclosed cyber incident has claimed responsibility."

Today, the company released a statement, noting that it has restored its U.S. e-commerce platform and that it is expecting its platforms in Canada and Europe to be back online shortly. 

The healthcare services company is apparently still taking orders through alternate methods and distributing them to customers in the affected areas.

Henry Schein’s BlackCat Breach

Following the breach, the ransomware gang BlackCat added Henry Schein to its dark web leak forum, taking responsibility for breaching the company’s network. BlackCat notes that it has stolen 35 terabytes of the company’s crucial data. 

The cybercrime organization claims that they re-encrypted the company's devices while Henry Schein was about to restore its systems, following a breakdown in negotiations toward the end of October.

This would make the event this month the third time that BlackCat has compromised Henry Schein's network and encrypted its computers after doing so on October 15.

"Despite ongoing discussions with Henry's team, we have not received any indication of their willingness to prioritize the security of their clients, partners, and employees, let alone protect their own network," the threat actors said.

The ransomware group further warned of releasing their internal payroll data and shareholder folders to their collective blog by midnight. 

Initially discovered in November 2021, BlackCat is believed to have rebranded itself from the popular DarkSide/BlackMatter gang. DarkSide has earlier gained global recognition by initiating attacks on Colonial Pipelines, prompting extensive law enforcement probes.

Moreover, the FBI has linked the ransomware group to over 60 breaches, between November 2021 and March 2022, affecting companies globally.  

Read more »
User Privacy
Confidential Data Data Breach Data protection Healthcare Data Protocols unauthorised access United States User Data User Privacy

Welltok Data Breach: 8.5 Million U.S. Patients' Information Compromised

The personal data of 8.5 million American patients was at risk due to a data breach that occurred recently at Welltok, a well-known supplier of healthcare solutions. Since cybersecurity specialists found the intrusion, the organization has been attempting to resolve the issue and minimize any possible harm.

According to reports from Bleeping Computer, the breach has exposed a vast amount of sensitive data, including patients' names, addresses, medical histories, and other confidential information. This breach not only raises concerns about the privacy and security of patient data but also highlights the increasing sophistication of cyber threats in the healthcare sector.

Welltok has promptly responded to the incident, acknowledging the breach through a notice posted on their official website. The company has assured affected individuals that it is taking necessary steps to investigate the breach, enhance its security measures, and collaborate with law enforcement agencies to identify the perpetrators.

The impact of this breach extends beyond the United States, as reports from sources suggest that the compromised data includes patients from various regions. This global reach amplifies the urgency for international cooperation in addressing cyber threats and fortifying data protection measures in the healthcare industry.

Cybersecurity analysts estimate that the breach may have affected up to 11 million patients, emphasizing the scale and severity of the incident. The potential consequences of such a breach are far-reaching, ranging from identity theft to unauthorized access to medical records, posing serious risks to individuals' well-being.

This incident underscores the critical need for organizations, especially those handling sensitive healthcare data, to continuously assess and strengthen their cybersecurity protocols. As technology advances, so do the methods employed by malicious actors, making it imperative for companies to stay vigilant and proactive in safeguarding the privacy and security of their users.

The ongoing risks to the healthcare sector are brought home sharply by the Welltok data hack. The company's efforts to stop the breach and safeguard the impacted parties serve as a reminder of the larger difficulties businesses encounter in preserving the confidentiality of sensitive data in the increasingly linked digital world.

Read more »
Subscribe to: Posts (Atom)