Mainline Health Systems and Select Medical Holdings have each disclosed data breaches affecting more than 100,000 individuals.
In the case of Mainline Health, an Arkansas-based healthcare provider with over 30 locations, a network breach was detected in April 2024. However, the company only recently determined that files containing sensitive personal information were stolen at the time.
Mainline Health informed the Maine Attorney General’s Office this week that the data breach has impacted just over 101,000 people.
The Inc Ransom ransomware group took credit for the attack on Mainline Health Systems in May 2024 and leaked some of the stolen files. The threat actor launched many attacks against the US healthcare sector last year.
As for Select Medical Holdings, it recently informed the Department of Health and Human Services that a data breach has impacted nearly 120,000 people.
Select Medical Holdings is based in Pennsylvania and it operates critical illness recovery hospitals, rehabilitation hospitals, and outpatient rehabilitation clinics.
Select Medical was not directly targeted by hackers. Instead, its data was exposed in a security incident involving its former debt collection vendor, Nationwide Recovery Services (NRS).
NRS was targeted by cybercriminals last year and the attackers managed to steal information belonging to many of NRS’s healthcare customers. Some healthcare organizations reported that tens of thousands and in some cases even hundreds of thousands of people were impacted.
It’s unclear if the NRS attack was carried out by a ransomware group as no known threat actor appears to have taken credit for the attack.
It’s not uncommon for healthcare data breaches to impact hundreds of thousands and even millions of individuals.
Related: 743,000 Impacted by McLaren Health Care Data Breach
Related: Data Breach at Healthcare Services Firm Episource Impacts 5.4 Million People
Related: Asheville Eye Associates Says 147,000 Impacted by Data Breach
