FlagThis

UnitedHealth Group has confirmed a massive data breach, stemming from a ransomware attack on its subsidiary, Change Healthcare, in February 2024. This breach has impacted approximately 190 million Americans, nearly doubling the initial estimate, making it one of the largest healthcare data breaches in US history. This incident underscores the significant cybersecurity risks in the healthcare sector and the vulnerability of large healthcare organizations.

US dental and medical billing firm Medusind is notifying over 360,000 customers that their personal, financial and medical data may have been accessed by a cybercriminal actor. The breach relates to a cyber incident that took place back on December 29, 2023. The compromised information includes names, birthdates, email addresses, phone numbers, Social Security numbers, driver’s licenses, taxpayer IDs, payment details, and health insurance information.

American Addiction Centers, a substance abuse treatment provider, suffered a data breach which resulted in the theft of personal data of 422,424 individuals. The breach, which occurred in September, compromised internal servers, leading to the exfiltration of sensitive information. This incident underscores the continued risk to healthcare providers and the importance of robust data security measures to protect patient data.

ConnectOnCall, a healthcare communication platform, suffered a significant data breach that exposed the personal information of approximately 900,000 patients and healthcare providers. The breach occurred in May 2024 and involved the compromise of sensitive data, potentially including names, contact information, and medical details. The attackers exploited a vulnerability that allowed them to gain unauthorized access to the platform’s systems. This incident highlights the critical need for robust security measures in healthcare communication platforms to protect patient data and ensure privacy, given that these breaches can have serious consequences for affected individuals, including potential identity theft and misuse of personal health information.

A cyberattack caused a major incident at the UK’s Wirral University Teaching Hospital (WUTH), resulting in postponed appointments and procedures and a system outage. The hospital moved to paper-based methods and continues to experience disruptions. This highlights the vulnerability of healthcare systems to cyberattacks and the potential for serious disruption to patient care.