Downey, California-based SuperCare Health, a post-acute in-home respiratory care supplier for the western states in the USA, has begun contacting 318,379 patients to inform them that a portion of their PHI may have been accessed by unauthorized people during a cyberattack in July 2021.
SuperCare Health, in a breach notification letter circulated on March 25 this year, revealed that it became aware of the unauthorized access to the group databases and IT systems for the first time on July 27, 2021. Following the discovery the group moved swiftly to implement countereactive measure and lock down the network to avoid additional unauthorized access attempts from being successful. In addition to this an external group of cybersecurity specialists was contract to review the damage that may have been inflicted by the cyber attack.
After an initial review of the incident it was concluded that unauthorized actors were able to gain access to sections of the groups databases for a time period from July 23, 2021, to July 27, 2021. During this time, it was also discovered, those unauthorized individuals were able to access data on the network that included a number of patients’ protected health information.
The cybersecurity firm conducted a deep dive in the contents of the files and were able to ascertain, on February 4 2022, that sensitive patient data including names, addresses, birthdays details, locations of treatment, patient account specifics, medical records, health insurance data, testing/diagnostic/treatment results, other health-connected details, and claims reports. A smaller portion of people had their Social Security numbers and/or driver’s license numbers accessed.
A statement released by SuperCare Health revealed that the cyber attack has resulted in the group conducted a review of its security measures and the configuration of some new precautions has been completed in order to enhance the security surrounding the personal and protected health information of its clients.
In addition to this, SuperCare Health is giving who had their PHI impacted in the breach the chance to avail of free membership to an identity theft protection service, which incorporates credit monitoring, dark web security and an identity theft reimbursement insurance provision.