Independent Living Systems (ILS), a Miami-based provider of healthcare and managed care administration solutions, suffered a data breach that exposed the personal information of 4,226,508 individuals.
The number of people affected makes it the largest healthcare data breach disclosed this year.
According to the notification submitted to the Maine Attorney General’s Office, the company discovered that its network had been hacked on July 5, 2022.
During the ensuing investigation, the company discovered that the perpetrators had access to the ILS systems between June 30 and July 5, 2022 and had access to the data during that time.
“Through its response efforts, ILS learned that an unauthorized actor gained access to certain ILS systems between June 30 and July 5, 2022,” read the data breach notice.
“During this period, some information stored on the ILS network was acquired by the unauthorized actor, and other information was accessed and potentially viewed.”
During this time, threat actors may have accessed patients’ personal information, including:
- Full name
- Social Security number
- Tax Identification Number
- Medical Information
- Health insurance information
Threat actors could use this information to launch phishing or social engineering attacks against those exposed, and this has serious implications for the privacy of affected patients.
ILS says its internal review determining which individuals or entities were affected was completed on January 17, 2023, more than six months after the breach was discovered.
However, the firm clarifies that some affected people were notified of the incident on September 2, 2022, based on preliminary results.
Finally, the notifications include instructions to sign up for one year of free identity protection services from Experian.
The first quarter of 2023 saw a number of notable data breaches in the healthcare sector, exposing the sensitive medical data of millions of people.
In February 2023, several medical groups in California, USA revealed that a ransomware attack had exposed the data of 3.3 million patients.
A few days later, health giant CHS (Community Health Systems) revealed that it was impacted by a zero-day vulnerability in Fortra’s GoAnywhere MFT product, which compromised some of its data.
On March 10, 2023, the Brain health platform sent data breach notices to 3.18 million peopleinforming them of a misconfiguration of the trackers used on its platform, which infringed the privacy of patients.