Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Breaches

Gryphon Healthcare, Tri-City Medical Center Disclose Significant Data Breaches

Gryphon Healthcare and Tri-City Medical Center have disclosed data breaches collectively impacting over 500,000 individuals.

Gryphon Healthcare and Tri-City Medical Center last week disclosed separate data breaches in which the personal information of more than 500,000 individuals was stolen.

The Houston, Texas-based billing services provider Gryphon is notifying 393,358 individuals of an incident discovered on August 13, 2024, which involved an unnamed partner “that Gryphon provides medical billing services for.”

The third-party data breach led to a threat actor accessing files containing information about patients “for whom Gryphon provides medical billing services,” the company notes in a notification letter to the impacted individuals, a copy of which was submitted to the Maine Attorney General’s Office.

According to Gryphon, names, addresses, dates of birth, Social Security number, dates of service, diagnosis and health insurance information, treatment and prescription information, provider details, and medical record numbers were compromised in the incident.

“Gryphon has no evidence to suggest that any potentially impacted information has been misused because of this incident,” the company says.

The billing services provider is offering 12 months of free identity theft protection services, including credit monitoring, an insurance reimbursement policy, and ID theft recovery services, to all impacted individuals.

Tri-City, an Oceanside, California-based full-service, acute-care public hospital, notified the Maine AGO that 108,149 people were impacted by a year-old data breach.

According to the healthcare provider, a November 2023 cyberattack that disrupted certain systems led to data exposure, and the investigation into the matter determined in late September 2024 that personal information such as names and other identifiers was compromised during the attack.

Advertisement. Scroll to continue reading.

Although it detailed cyber response steps like those taken during a ransomware incident, Tri-City did not say what type of cyberattack it fell victim to. In December 2023, however, the Inc Ransom ransomware group claimed responsibility for the incident, adding Tri-City to its Tor-based leak site.

The healthcare organization is providing the affected individuals with similar free identity protection services as Gryphon.

Related: Healthcare Organizations Warned of Trinity Ransomware Attacks

Related: Tennessee Community College Suffers Ransomware Attack

Related: NY to Require Greater Public Notification of Data Breaches

Related: Spotify Informs Users of Personal Information Exposure

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join SecurityWeek and Hitachi Vantara for this this webinar to gain valuable insights and actionable steps to enhance your organization's data security and resilience.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Jared Bartel has been named CISO at Idaho State University.

Automated phishing protection and scam prevention company Bolster has appointed Rod Schultz as CEO.

Bugcrowd has appointed Trey Ford as CISO for the Americas.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.