Gryphon Healthcare and Tri-City Medical Center last week disclosed separate data breaches in which the personal information of more than 500,000 individuals was stolen.
The Houston, Texas-based billing services provider Gryphon is notifying 393,358 individuals of an incident discovered on August 13, 2024, which involved an unnamed partner “that Gryphon provides medical billing services for.”
The third-party data breach led to a threat actor accessing files containing information about patients “for whom Gryphon provides medical billing services,” the company notes in a notification letter to the impacted individuals, a copy of which was submitted to the Maine Attorney General’s Office.
According to Gryphon, names, addresses, dates of birth, Social Security number, dates of service, diagnosis and health insurance information, treatment and prescription information, provider details, and medical record numbers were compromised in the incident.
“Gryphon has no evidence to suggest that any potentially impacted information has been misused because of this incident,” the company says.
The billing services provider is offering 12 months of free identity theft protection services, including credit monitoring, an insurance reimbursement policy, and ID theft recovery services, to all impacted individuals.
Tri-City, an Oceanside, California-based full-service, acute-care public hospital, notified the Maine AGO that 108,149 people were impacted by a year-old data breach.
According to the healthcare provider, a November 2023 cyberattack that disrupted certain systems led to data exposure, and the investigation into the matter determined in late September 2024 that personal information such as names and other identifiers was compromised during the attack.
Although it detailed cyber response steps like those taken during a ransomware incident, Tri-City did not say what type of cyberattack it fell victim to. In December 2023, however, the Inc Ransom ransomware group claimed responsibility for the incident, adding Tri-City to its Tor-based leak site.
The healthcare organization is providing the affected individuals with similar free identity protection services as Gryphon.
Related: Healthcare Organizations Warned of Trinity Ransomware Attacks
Related: Tennessee Community College Suffers Ransomware Attack
Related: NY to Require Greater Public Notification of Data Breaches
Related: Spotify Informs Users of Personal Information Exposure