Miami-based healthcare revenue cycle management service provider Medusind had data from 360,934 individuals exfiltrated following a cyberattack in December 2023, reports BleepingComputer.
Information compromised in the breach included not only names, birthdates, email addresses, and phone numbers, but also Social Security numbers, driver's licenses, taxpayer IDs, payment details, and health and health insurance and billing data, according to a filing with the Office of the Maine Attorney General. Impacted individuals, who were given two years of complimentary identity monitoring services, have been urged to be mindful of possible identity theft and suspicious credit report activity. Medusind's disclosure follows the Department of Health and Human Services' proposed overhaul to the Health Insurance Portability and Accountability Act that would require protected health information encryption, multi-factor authentication, and network segmentation among healthcare organizations amid mounting intrusions against the sector, including the massive ransomware attacks against UnitedHealth subsidiary Change Healthcare and Ascension Health last year.
