Pennsylvania-based nonprofit health provider Maternal & Family Health Services has confirmed cybercriminals accessed the sensitive data of close to half a million people.
MFHS revealed last week that it had been hit by ransomware that exposed the personal data of current and former patients, employees and vendors. The healthcare giant said it was made aware of the incident on April 4, 2022 but admitted that may have been initially compromised as far back as August 21, 2021.
When asked by TechCrunch at the time, MFHS declined to confirm how many individuals were affected. However, a notification from the Maine attorney general’s office this week reported that a total of 461,070 people, including 68 Maine residents, are affected by the breach.
In a letter sent to affected residents on January 10 — more than nine months after the organization was first alerted to the ransomware incident — MFHS said that attackers accessed sensitive data, including names, addresses, date of birth, driver license numbers, Social Security numbers, usernames and passwords, health insurance and medical information, and financial information. The attackers also took credit and debit card numbers, the notification said.
It remains unclear who was behind the ransomware attack, if MFHS paid a ransom demand and why the nonprofit didn’t disclose the incident sooner. MFHS didn’t immediately respond to TechCrunch’s questions on Wednesday, and it doesn’t appear that any major ransomware group has yet claimed responsibility for the incident.
https://techcrunch.com/
This holiday season, consider giving the gift of security with an ad blocker. That’s the takeaway message from an unlikely source — the FBI — which this week issued an alert warning that cybercriminals are using online ads in search results with the ultimate goal of stealing or extorting money from victims. In a pre-holiday […]
On January 1, a technologist who goes by the nickname regexer received an email saying he had successfully reset his account at the crypto exchange Coinbase. Unfortunately — and worryingly — he had actually not requested a password reset. Regexer, who asked to be referred to by his online moniker for fear of being targeted […]
The hackers who reportedly hit more than 130 organizations last year and stole the credentials of almost 10,000 employees are still targeting several tech and video game companies, according to a report obtained by TechCrunch. The report, prepared by cybersecurity firm CrowdStrike, calls the hackers “Scattered Spider.” In a previous publicly available report, the company said […]
Leave a Reply