Data Breach in Healthcare Software Vendor Impacted 2.2 Million Patients

Colin Thierry
Colin Thierry Writer
Colin Thierry Colin Thierry Writer

Hackers compromised the system of Connexin Software Inc, leading to a data breach that impacted more than 2.2 million patients. Connexin is a software management firm that specializes in the healthcare sector.

Threat actors were able to gain access to Connexin Software’s system and internal network in order to extract patients’ data. However, it took some time for the company to figure out exactly what happened.

“On Aug. 26, 2022, Connexin detected a data anomaly on our internal network,” Connexin said in a press release. “We immediately launched an investigation and engaged third-party forensic experts to determine the nature and scope of the incident. On September 13, 2022, we learned that an unauthorized party was able to access an offline set of patient data used for data conversion and troubleshooting. Some of that data was removed by the unauthorized party.”

Connexin maintained that the live electronic record system wasn’t impacted and that the breach involved no databases or medical records. That said, some sensitive information was still stolen by cybercriminals, which include:

  • Patient demographic data (including patient name, guarantor name, parent/guardian name, address, email address, and date of birth).
  • Social security numbers.
  • Health insurance information (payer name, payer contract dates, policy information, including type and the deductible amount and subscriber number).
  • Medical and/or treatment information (dates of service, location, services requested or procedures performed, diagnosis, prescription information, physician names, and medical record numbers).
  • Billing and/or claims information (invoices, submitted claims and appeals, and patient account identifiers used by the patients’ providers).

After discovering the incident, Connexin immediately reset all corporate account passwords and moved the patient data to a more secure location. All patients impacted by the data breach were also notified. The data breach ended up impacting more than 2.2 million people in total. The company also said that it’s currently working with authorities while they investigate the incident.

About the Author

About the Author

Colin Thierry is a former cybersecurity researcher and journalist for SafetyDetectives who has written a wide variety of content for the web over the past 2 years. In his free time, he enjoys spending time outdoors, traveling, watching sports, and playing video games.