The health insurance provider, Choice Health located in South Carolina, currently a part of Alight Solutions, has just reported that the protected health information (PHI) of several of its members was obtained by an unauthorized individual.
Choice Health learned on May 14, 2022, that someone was giving a collection of information that was purportedly taken from Choice Health. On May 18, 2022, an investigation of a likely breach established that just one Choice Health database was compromised online because of “a technical safety settings concern due to a third-party vendor.” Because of the problem, the database is accessible on the internet with no need for authorization.
Choice Health confirmed that the database was discovered and selected database files were duplicated by an unauthorized person on May 7, 2022. As per the notice filed with the California Attorney General, the files included data such as last and first names, Medicare beneficiary identification numbers, Social Security numbers, dates of birth, addresses and contact data, and medical insurance details.
Choice Health stated it employed a third-party service agency to secure the storage system and affirmed that it was not accessible anymore over the web. Steps were likewise undertaken to avert the same problems down the road, such as using multi-factor authentication before accessing its database files.
Choice Health mentioned it hasn’t found any improper use of plan member data; nevertheless, it has mailed notifications to affected people and has given them a membership to a credit monitoring and identity theft protection and resolution service for two years.
At this time, it is uncertain how many persons were impacted. Databreaches.net said that the forum post offering the files claimed 600MB of information were acquired having 2,141,006 files. The files were identified as containing details like Agents, Contacts Commission, and Policies.
Goodman Campbell Brain and Spine Experiences Ransomware Attack
Goodman Campbell Brain and Spine based in Indianapolis, IN, has lately reported that it encountered a cyberattack last May 20, 2022. Because of this attack, there was a shutdown of its computer and communication systems. Goodman Campbell stated steps were quickly undertaken to protect its systems. A third-party company assisted with the investigation and response to the incident.
At this point, the investigation has not yet determined what is the full nature of the cyberattack and the magnitude of compromise of the patients’ PHI; however, thus far it is certain that an unauthorized individual has accessed patient and employee information. Breach notification letters will be mailed to the impacted people as soon as the investigation is complete and it is obvious which persons were impacted and the types of information that were exposed. Meanwhile, Goodman Campbell has instructed all patients to check their credit reports, acquire a scam alert, and put their credit on a security freeze as a safety measure.
Goodman Campbell did not reveal the specific nature of the cyberattack; nonetheless, the Hive ransomware group has claimed it conducted the attack and has published a part of the stolen information on its leak website.