More than one million Americans have received an urgent warning following the theft of their medical records in a data breach.
Community Health Center (CHC), based in Connecticut, has begun emailing 1,060,936 patients to inform them that ‘a skilled criminal hacker got into our system and stole some data, which may include your personal information.’
The data could include the patient’s name, date of birth, address, phone number, email, diagnoses, treatment details, test results, Social Security number, and health insurance information.
The breach, which occurred on October 14, 2024, impacted current and former patients, ‘and all individuals who received a COVID test or vaccine at a CHC clinic.’
CHC determined that the hacker infiltrated ‘its inadequately secured computer environment,’ gaining access to its data files.
The company stated that it ‘added special software to watch for suspicious activity.’
The law firm investigating claims on behalf of patients stated: ‘These individuals’ personal and highly sensitive information may be in the hands of cybercriminals who can sell it on the dark web or use it to commit identity theft.’
Murphy Law Firm is currently investigating the breach to see if a class action lawsuit can be brought against CHC.
CHC reported that patients who received a COVID test or vaccine at one of its clinics had their name, date of birth, phone number, email address, gender, race, ethnicity, and insurance information stolen.
CHC discovered the data breach after noticing ‘unusual activity’ in its computer system last month.
‘That same day, we brought in experts to investigate and strengthen the security of our systems,’ the company email to patients reads.
‘The criminal hacker did not delete or lock any of our data, and their actions had no impact on our daily operations.
“We believe we stopped the criminal hacker’s access within hours and that there is no current threat to our systems.
‘So far, there is no indication that your information has been misused.’
DailyMail.com has contacted CHC for comment.
The company has provided patients with free access to IDX, a credit monitoring and data protection company.
‘If you require assistance, IDX will work with you to resolve any issues with your identity,’ said CHC.
According to the HIPPA journal, there were an average of 16,395,000 records breached per month in 2024.
‘Despite its critical importance to Americans’ well-being and privacy, the healthcare industry has some of the worst cybersecurity practices in the country,’ Senator Mark Warner stated.
However, the HIPPA report noted that the number for 2024 was’skewed by the massive data breach at Change Healthcare, which affected an estimated 100 million individuals.’
Change Healthcare, which is owned by UnitedHealth Group, was the victim of a cyberattack in February but only revealed the full scope of the attack in October.
It initially reported in July that only 500 patients’ records had been compromised, but the number was later discovered to be at least 100 million.
The attack was carried out by the BlackCat/ALPHV ransomware group, which hoped to collect a million dollars.
Change Healthcare was said to have paid a $22 million ransom, but the attackers claimed they had not been paid and gave the stolen data to another group, who then attempted a second extortion of the company.
‘Not only was this the largest healthcare data breach of all time, but it also caused more disruption than any other healthcare cyberattack due to the number of healthcare organizations that relied on Change Healthcare’s systems and the extended outage,’ according to the HIPPA journal report.
‘The attack prevented patients from obtaining medications unless they could pay for them out of their own pockets, and the outage caused severe disruption to healthcare providers’ revenue cycles, forcing many small practices to close.’