Hackers have compromised Connexin Software Inc, a software management firm specializing in the healthcare sector, leading to a data breach affecting more than 2 million patients.
The healthcare industry is one of the most common targets for criminals, whether they’re aiming to deploy ransomware, steal private data or both. This industry deals with a lot of private information, and in many situations, its critical to patients’ well-being.
Unfortunately, criminals managed to gain access to Connexin Software’s and internal network. It took some time for the company to determine what exactly happened.
“On August 26, 2022, Connexin detected a data anomaly on our internal network,” said the company in a press release. “We immediately launched an investigation and engaged third-party forensic experts to determine the nature and scope of the incident. On September 13, 2022, we learned that an unauthorized party was able to access an offline set of patient data used for data conversion and troubleshooting. Some of that data was removed by the unauthorized party.”
Connexin said the live electronic record system wasn’t affected and that the incident involved no databases or medical records, but some information was stolen, including:
· Patient demographic data (such as patient name, guarantor name, parent/guardian name, address, email address, and date of birth
· Social Security Numbers
· health insurance information (payer name, payer contract dates, policy information including type and deductible amount and subscriber number
· medical and/or treatment information (dates of service, location, services requested or procedures performed, diagnosis, prescription information, physician names and Medical Record Numbers
· billing and/or claims information (invoices, submitted claims and appeals, and patient account identifiers used by the patients’ providers
Immediately after discovering the incident, all corporate account passwords were reset, and the patient data was moved to a more secure location. People affected by the data breach have been notified. In total, the data breach affected more than 2.2 million patients. The company said it is working with authorities in an ongoing investigation into the incident.