A significant data breach has occurred at the Community Health Center (CHC), a US-based nonprofit organization providing patient-centered healthcare. This is the third case within a span of just 7 days.
Prior to CHC, the New York Blood Center Enterprises and the Frederick Health Center were attacked by threat actors on January 29 and January 27, respectively. Experts have already been investigating the attacks. It is yet not clear whether or not all three attacks on healthcare centers are interconnected.
CHC, a nonprofit healthcare provider, has started sending out letters to its patients, informing them about the massive data breach. The letter mentions the suspicious activity on the CHC computer back on January 2. Since then, the nonprofit healthcare center has been working closely with cybersecurity experts. Apart from this, CHC has also boosted its security systems.
The investigation has made one thing crystal clear. Experts believe that the data breach has been carried out by a ‘skilled criminal hacker.’ They managed to enter into the systems of the Community Health Center and then accessed the personal and sensitive data of the patients.
The breached data includes sensitive information such as phone numbers, dates of birth, names, emails, test results, diagnoses, treatment details, health insurance information, and Social Security Numbers of the patients.
The letter also mentions the seamless continuity of daily operations at the CHC. Besides, the healthcare provider is highly relieved as the threat actor has not wiped away crucial data. CHC believes that they have been able to block the threat actor’s access to their systems within just 60 minutes of the attack.
As of now, there’s no sign of the patient data being misused by the threat actors. However, the Community Health Center is compensating its patients through two years’ worth of identity theft protection via IDX. They are also offering two years of free CyberScan monitoring, assistance to recover stolen identities (if any), and a $1 million worth of insurance reimbursement policy.
Patients can actively get registered at IDX. CHC is sharing all the necessary details related to IDX in its letters. The healthcare center is urging the patients to make the most out of this identity protection system. The key is to leverage this facility even if the patients see no sign of threat attacks. Experts and healthcare authorities are both clueless about the real intention of the attackers.
Cybersecurity experts warn that consecutive attacks on healthcare infrastructure within just seven days highlight the urgent need for security upgrades. Strengthening phishing protection is critical to safeguarding patient data, the communication ecosystem, and the healthcare delivery system. Government authorities and experts must collaborate to implement robust cybersecurity measures and defend against evolving threats.
Cybercriminals are increasingly targeting critical infrastructures to create a sense of panic and chaos among common people. The most concerning part is that such attacks on healthcare systems can result in severe fatalities as, more often than not, cyber attacks bring daily healthcare operations and activities to a sudden halt.