Alert essentials:

A breach in December 2023 at dental and medical billing firm Medusind exfiltrated data in over 360,000 personal accounts.

Those impacted by the incident are offered two years of complimentary credit monitoring and identification protection services.

 

Email Team

 

Detailed threat description:

An unauthorized party accessed patient information in a December 2023 breach at a major medical billing firm.

Medusind confirms that health insurance information, billing data, medical histories, social security numbers, and other personally identifiable information (PII) were taken from over 360,000 clients in an external cyber event.

On December 29, 2023, Medusind discovered suspicious activity within its network. Medusind took its systems offline and hired a cybersecurity forensic firm to investigate the activity.

After discovering the exfiltration of PII, Medusind secured the services of Kroll, a leader in Identity theft monitoring and mitigation. Medusind will contact persons impacted with a detailed letter offering identity monitoring for two years.

Remain vigilant against identity theft and fraud by reviewing account statements and reporting discrepancies to financial institutions.

Prevent unauthorized access to your credit report by freezing credit accounts. Contact Equifax, Experian, and Transunion agencies to establish a freeze to block unauthorized attempts at establishing new accounts. These freezes can be temporarily lifted for legitimate credit needs.

Recommendations

Leadership/ Program recommendations:

Victims are encouraged to continuously review their account statements and monitor credit reports for suspicious activity.

Fortified recommends applying patches and updates where possible and only after adequate testing in a development environment to ensure stability and compliance with organizational change management policies.

 

References: