Medusind, a prominent provider of revenue cycle management and practice management software based in Florida, has disclosed a significant data breach impacting 360,934 individuals. Detected and halted on December 23, 2023, during an unauthorized intrusion, this breach has only recently been communicated to affected parties.* A comprehensive investigation by a third-party cybersecurity firm uncovered data exfiltration, leading to the notification process now being completed. Those affected are being offered complimentary two-year credit monitoring and identity theft protection services.

Details of Compromised Information

Compromised data from this breach potentially includes: - Health insurance and billing details - Financial information such as debit/credit card numbers or bank details - Health records, including medical history, medical record numbers, or prescription data - Personal identification such as Social Security numbers, taxpayer IDs, driver’s license numbers, or passport information - Other personal details like birth dates, email addresses, residential addresses, and phone numbers In response, Medusind has enhanced its cybersecurity measures to mitigate future risks.

Suspicious Activity Detected at Indiana University Health

On January 7, 2025, Indiana University Health (IU Health) unveiled a security breach after suspicious activity was identified in an email account back in November 2024. Investigation by a cybersecurity firm confirmed access by the threat actor from August 27 to October 2, 2024. The breach affected varied personal information, including names, addresses, ages, and medical details. Those whose Social Security numbers were involved will receive a year of free credit monitoring. The number of individuals affected remains unlisted by the Office for Civil Rights.

Ransomware Strikes Mid-Ohio Psychological Services Inc.*

Mid-Ohio Psychological Services Inc., a healthcare provider in Lancaster, OH, experienced a ransomware attack compromising sensitive data of 40,345 patients. Detected on October 21, 2024, the breach involved access to information including names, birth dates, Social Security numbers, and financial data. Although reported to the HHS’ Office for Civil Rights, details remain limited. Black Suit, a ransomware gang formerly known as Royal, has claimed responsibility, supposedly exfiltrating 168 GB of data.

Data Exposure at Khalil Center Involving Vendor

The Khalil Center, a psychological and community wellness organization, learned of a data exposure incident involving its vendor, Transform Studios. The data, exposed through an unsecured Amazon S3 bucket, affects 1,153 individuals. The breach, now secured, has been reported to the HHS Office for Civil Rights. Meanwhile, the Killsec threat group claims to possess the exposed data, attempting extortion. These incidents highlight the critical and ongoing need for stringent data protection measures across the healthcare sector to safeguard sensitive information.

The link has been copied!