Immediate action has been taken to protect Free's information systems following the incident, which has not affected operations nor compromised customer credentials, communications content, and banking information, according to a spokesperson.
Investigation into the incident, which concluded in early September, revealed the breach of individuals' names, Social Security numbers, government IDs, health insurance details, financial account information, and medical treatment data, according to county officials.
Such disclosure of the attack to the Office of the Maine Attorney General comes more than a year after Henry Schein was breached twice by ALPHV/BlackCat, which initially admitted to have stolen 35 TB of files from the firm in Oct. 2023 before claiming another attack nearly a month later before eventually exposing some of the stolen data.
Included in the information exfiltrated as a result of the incident were names, tax identification numbers, and Social Security numbers, with a subset of individuals also having their bank account information, driver's license numbers, passport numbers, medical details, routing numbers, health insurance policy details, and life and annuity policy data exposed.
Investigation into the incident revealed that infiltration of Change Healthcare's employee systems through stolen credentials without multi-factor authentication enabled the eventual compromise of the firm's network with ransomware.
Ever heard someone say, "the attacker only has to be right once, but the defender has to get it right every time"? On this episode, we'll dispel that myth. There is some truth to the saying, but only with regards to initial access to the target's environment. Once on the inside, the attacker's advantage flips to the defender. Call it the 'Home Alon...
Fast Five
Selected by the SC Media Editorial team every Tuesday.
Sign up now for the top five issues cybersecurity pros need to know this week.
