Unencrypted patient medical records and other personal data stolen from US healthcare firm
Date:
Thu, 11 Jan 2024 14:20:56 +0000
Description:
HMG Healthcare lost customer data in a cyberattack last summer, but exact details remain scarce.
FULL STORY ======================================================================
HMG Healthcare, a premier Texas healthcare service provider, suffered a cyberattack last summer that resulted in the theft of sensitive customer
data, leading to the possible risk of identity theft and other scams.
The company confirmed the news in a notice published on its website signed by Chief Executive Officer & Managing Partner, Derek Prince which states it suffered a data breach in August 2023, but only became aware of it in November.
During the attack, hackers stole unencrypted customer data sitting on the companys servers, including names, dates of birth, contact information, general health information, information regarding medical treatment, social security numbers and/or employment records. Who are the attackers?
The company tried to identify the specific data that was compromised, but later concluded that such identification is not feasible.
The breach was fully mitigated, and the hackers were ousted from the companys endpoints, the letter confirmed.
Unfortunately, there are many details missing from the breach notification letter. We reached out to HMG with more questions, and will update the
article if we hear back from them.
At press time, there was no information on who the attackers are, or whether or not this was a ransomware attack. Usually, hackers that steal data also encrypt the victims systems and demand payment in cryptocurrency in exchange for the decryption key. Also, they demand money not to release the stolen
data on the internet.
We also dont know how many people were affected by the breach. According to the HMG website, the company has roughly 3,500 patients and 4,100 employees. If the hackers stole sensitive data of both current and former employees and customers, the number of affected individuals could be counted in tens of thousands, if not hundreds.
Finally, we asked HMG to clarify how the threat actors managed to breach the endpoints, if there were any malware, or social engineering involved. We also wanted to know if the company is planning on offering free identity and
credit monitoring services to affected individuals. The type of data that was stolen is usually used in phishing and identity theft attacks.
While we believe that the breach has been mitigated, you can take steps to protect yourself or loved one by monitoring account statements, explanations of benefits, and credit bureau reports closely. You may also review the Additional Information provided below as a resource, Princes letter
concludes. More from TechRadar Pro Another top US mortgage firm hit by major cyberattack Here's a list of the best firewalls around today These are the best endpoint security tools right now
======================================================================
Link to news story:
https://www.techradar.com/pro/security/unencrypted-patient-medical-records-and -other-personal-data-stolen-from-us-healthcare-firm
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)