U.S. nonprofit healthcare giant Maternal & Family Health Services has confirmed hackers accessed sensitive patient, financial and medical information months earlier.
In an advisory published on its website on Thursday, MFHS said a “sophisticated ransomware incident” exposed the sensitive information of current and former patients, employees and vendors. This information included names, addresses, dates of birth, Social Security numbers, driver’s license numbers, financial account data and payment card information, usernames and passwords, and medical and health insurance information.
The organization, which serves more than 90,000 individuals across Pennsylvania, said it was made aware of the incident on April 4, 2022 but may have been initially compromised as far back as August 21, 2021, citing an investigation conducted by an unnamed forensic incident response firm.
It then took MFHS a further nine months to publicly disclose the incident.
When reached for comment, Patrick McGloin, a partner at Gaffney Bennett, a public relations firm representing MFHS, declined to answer our questions beyond providing a boilerplate statement. It’s not yet known why MFHS didn’t publicly disclose the cyberattack sooner, who was behind the attack, or whether MFHS paid a ransom demand.
Healthcare organizations are a frequent target for ransomware attacks, and at least 25 healthcare providers operating 290 hospitals were hit by ransomware in 2022, according to recent data from Emsisoft. This includes Chicago-based medical giant CommonSpirit Health, which confirmed that an October ransomware attack exposed the personal data of more than 620,000 patients.
Seeking to bring greater security to AI systems, Protect AI today raised $13.5 million in a seed-funding round co-led by Acrew Capital and Boldstart Ventures with participation from Knollwood Capital, Pelion Ventures and Aviso Ventures. Ian Swanson, the co-founder and CEO, said that the capital will be put toward product development and customer outreach as […]
Emerging Indian social media app Slick left an internal database containing users’ personal information, including data of school-going children, publicly exposed to the internet for months. Since at least December 11, a database containing full names, mobile numbers, dates of birth, and profile pictures of Slick users was left online without a password. Bengaluru-based Slick launched in […]
A recent study finds that software engineers who use code-generating AI systems are more likely to cause security vulnerabilities in the apps they develop. The paper, co-authored by a team of researchers affiliated with Stanford, highlights the potential pitfalls of code-generating systems as vendors like GitHub start marketing them in earnest. “Code-generating systems are currently […]
Leave a Reply