Following security incidents at two medical payment service providers, personally identifiable information (PII) of 33 million French individuals has been exposed. At the beginning of February, two third-party payment providers, Viamedis and Almerys both revealed that they had suffered malicious intrusions into their IT systems that had compromised a significant amount of patient data. Fortunately, neither provider stores healthcare nor financial information, so the only information that was exposed is PII such as patient names, social security numbers, and birthdates.
Prudential Financial confirms data breach
In the first week of February, officials for Prudential Financial submitted an 8-K filing to the SEC that revealed a data breach that stemmed from a network intrusion that compromised several systems that contained both user and employee data. As the investigation is still ongoing, it is unclear as to how many of the company’s 40,000 employees may have been affected by this breach or how much information was accessed and possibly exfiltrated. Officials have revealed that a ransomware group was behind the incident, though they also have not revealed which group is responsible, nor has any ransomware group added Prudential Financial to their data leak site.
2.4 million patients compromised in Integris Health breach
Late last year, officials for Oklahoma’s largest non-profit healthcare network, Integris Health announced that they had suffered a cybersecurity incident that had exposed sensitive data for over 2.4 million patients. The threat actors behind this incident quickly began sending breach notifications to patients, and even offering victims the ability to view their own data and have it removed for $50, or view another victim’s data for only $3, before the final deadline on January 5th. While Integris Health officials have confirmed that the data was only exfiltrated, and not encrypted on their systems, the payment deadline has long since passed without any confirmation of completed negotiations, which means the data is already being sold or passed around to other threat actors.
Bank of America reveals service provider breach
Officials for Bank of America have recently begun contacting their customers about a data breach at one of their service providers, Infosys McCamish Systems (IMS) in November of 2023. It is believed that over 57,000 customers had their personal and financial information compromised during this incident, which the ransomware group, LockBit have claimed credit for and revealed they had encrypted over 2000 systems during the attack. Fortunately, staff at Bank of America have confirmed that none of their internal systems had been affected.
Phobos ransomware takes down 100 Romanian hospitals
Over the weekend, threat actors from the Phobos ransomware group launched an attack against Hipocrate Information System (HIS), which provides medical and admin services to hundreds of healthcare facilities throughout Europe. The attack affected 100 hospitals in Romania and forced them all to take their systems offline, to avoid further damage and encryption, as HIS production servers were targeted and encrypted. As the investigation continues, it is still unclear if any patient data was compromised, though the 3.5 BTC ransom has yet to be paid.