Cybernews reports that U.S. health provider Cherry Health had data from 185,000 patients compromised following a ransomware attack in December.
Information affected by the intrusion, which also resulted in the disruption of some of its systems, included individuals' names, birthdates, addresses, phone numbers, Social Security numbers, patient ID numbers, health insurance ID numbers and information, provider names, service dates, diagnosis or treatment details, prescriptions, and financial account data, said Cherry Health in a filing submitted to the Office of the Maine Attorney General.
Individuals whose data may have been impacted by the breach have been urged by the provider to be vigilant of suspicious account statements and credit reports that may indicate possible identity theft and fraud.
Health organizations have long been attractive cybercrime targets, with threat actors using exfiltrated personally identifiable information to not only enable medical identity theft and phishing attacks but also engage with other malicious actors.