According to the US Department of Health and Human Services, Adaptive Health Integrations (AHI), a healthcare software and billing services firm in North Dakota, suffered a data breach that affected more than half a million individuals. According to the firm, the breach occurred in mid-October last year, but it only started notifying people last month.
The notification letter, a copy of which was posted on the Montana Attorney General’s website, states that the firm was made aware of the attack recently and immediately took action.
“Upon learning of the issue, we contained the threat by disabling unauthorized access to our network and commenced a prompt and thorough investigation with assistance from external cybersecurity professionals. Through an extensive investigation and an internal review, which concluded on February 23, 2022, we determined that certain potentially accessed data contained personal information such as names, dates of birth, contact information, and Social Security numbers.”
The firm was quick to add that not all individuals were affected by the breach, and not all information about affected individuals was accessed.
The letter advises those affected on what they should do next. In it, individuals are encouraged to enrol in free, 12-month complimentary identity monitor services provided by a third party. Doing so opens up additional services to help clients, such as fraud consultation and identity theft restoration.
HIPAA Journal noted that the letter has no information about Adaptive Health Integrations or why it keeps people’s protected health information (PHI). Recipients of the letter also questioned its legitimacy because it used paper with a photocopied company logo, making it look dubious and unprofessional. After checking the website (screenshot below), some letter recipients thought it was a scam.
A couple of law firms, namely Murphy Law Firm in Oklahoma and Migliaccio & Rathod LLP in Washington, are conducting their own investigation on behalf of individuals affected by the breach. Both firms made their announcements days apart.
The post US healthcare billing services group hacked, affecting at least half a million individuals appeared first on Malwarebytes Labs.