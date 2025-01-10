Breach, Critical Infrastructure Security, Ransomware

Data breach disclosed by BayMark Health Services

AI technologies in enhancing healthcare data security.

(Adobe Stock)

Major North American substance use disorder and mental health disorder treatment provider BayMark Health Services has alerted patients of the compromise of their personal and health information following a September cyberattack previously admitted by the RansomHub ransomware-as-a-service operationBleepingComputer reports.

Threat actors who infiltrated BayMark's systems from Sep. 24 to Oct. 14 were able to steal individuals' names, birthdates, Social Security numbers, driver's license numbers, insurance details, received services, service dates, and treatment and diagnostic information, said BayMark in breach notices that did not specify the number of people affected by the incident. Such a development comes after RansomHub — which previously exposed Change Healthcare data and targeted Rite Aid and Halliburton, among others — admitted to having exfiltrated 1.5 TB of files from BayMark, which were since posted on their leak site. Increasingly severe data breaches in the healthcare sector have also prompted the Department of Health and Human Services to propose the inclusion of more stringent health data protections under the Health Insurance Portability and Accountability Act.

An In-Depth Guide to Ransomware

Get essential knowledge and practical strategies to protect your organization from ransomware attacks.

Related

Over 360K impacted by Medusind breach

Information compromised in the breach included not only names, birthdates, email addresses, and phone numbers, but also Social Security numbers, driver's licenses, taxpayer IDs, payment details, and health and health insurance and billing data, according to a filing with the Office of the Maine Attorney General.

Database compromise confirmed by UN civil aviation agency

Unauthorized access to the database prompted the exfiltration of recruitment-related information from April 2016 to July 2024, including applicants' names, birthdates, email addresses, and employment history, but not their financial details, passports, credentials, and uploaded documents.

Gravy Analytics purportedly hacked

Additional details regarding the incident, which was initially reported by independent tech news outlet 404media, remain uncertain but cybersecurity researchers John Hammond of Huntress and Marley Smith of RedSense have confirmed the veracity of the nearly 1.4 GB of data exposed by the threat actor on the XSS website.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

Related Terms

Attack Vector

You can skip this ad in 5 seconds