Healthtech firm’s cyberattack victim list keeps growing

What would a cyberattack on your local government look like? Drata analyzed threat trends to break down the growing issue.
– THOMAS SAMSON/AFP // Getty Images

Following the disclosure from healthcare technology firm HealthEC LLC that the sensitive information of nearly 4.5 million individuals was breached during a July cyberattack, the sector remains as vulnerable this year as it did last year.

Looking at this latest cyber-incident for Digital Journal is Nick Tausek, Lead Security Automation Architect at Swimlane.

Tausek begins by outlining the basis of the cyber-security incident and the implications for healthcare in general: “Health management solution company HealthEC LLC disclosed that a data breach in July of 2023 impacted nearly 4.5 million individuals. The company provides population health management (PHM) platforms to healthcare service providers and state-level systems across the country.”

In terms of what this U.S.-centric unwanted escapade actually means: “Seventeen different healthcare organizations were affected by this breach, with personally identifiable information (PII), including date of birth, social security number, and medical record numbers being accessed.”

The investigation of the incident found the intruder had stolen files from the breached systems hosting the following data types:

• Name
• Address
• Date of birth
• Social Security number
• Taxpayer Identification Number
• Medical Record number
• Medical information (diagnosis, diagnosis code, mental/physical condition, prescription information, and provider’s name and location)
• Health insurance information (beneficiary number, subscriber number, Medicaid/Medicare identification)
• Billing and claims information (patient account number, patient identification number, and treatment cost information)

The information compromised in the attack will have varied from patient to patient.

The numbers impacted have been expanding, growing since the announcement was made. Here Tausek finds: “When this cyberattack initially occurred, the number of individuals affected was listed as a little over 100,000. A new listing revealed that the number is closer to 4.5 million individuals. This disclosure reaffirms the vulnerability of the healthcare sector in 2023, an important reminder as we enter the new year.”

There are important lessons to be learned from this and similar incidents, says Tausek. This is particular so for the medical sector.

Tausek concludes with: “Healthcare organizations must prioritize threat detection and response to proactively mitigate cyber threats. By using an automated platform to identify breaches in real-time, organizations can improve the ability of their security teams to protect customer and patient data.”