Florida-based medical and dental billing and revenue cycle management company Medusind has revealed that a data breach discovered in December 2023 impacts over 360,000 individuals.
The company, which serves thousands of healthcare providers, revealed in letters sent to affected individuals that it discovered an intrusion on December 29, 2023.
An investigation conducted with the aid of a cybersecurity forensic firm showed that cybercriminals may have stolen certain files containing personal and other types of information, including name, date of birth, email, address, phone number, health insurance and billing information, payment information, health information, and Social Security numbers and other government identification.
Medusind told the Maine Attorney General’s Office that the incident impacted just over 360,000 people. Affected individuals are being offered two years of free identity monitoring services.
However, since it took Medusind more than one year to complete its investigation and start notifying impacted individuals, cybercriminals would have had ample time to abuse the compromised information.
While Medusind’s brief description of the incident suggests that the company may have been targeted in a ransomware attack, SecurityWeek has not seen any known cybercrime group taking credit for the breach.
On the other hand, companies targeted in a ransomware attack could avoid a data leak by paying a ransom demanded by the attackers — although several incidents have shown that paying does not guarantee that the cybercriminals will not make stolen data public.
Healthcare organizations often suffer significant data breaches as a result of ransomware attacks.
Related: Excelsior Orthopaedics Data Breach Impacts 357,000 People
Related: New York Hospital Says Ransomware Attack Data Breach Impacts 670,000
Related: American Addiction Centers Data Breach Impacts 422,000 People
