California-based respiratory care provider SuperCare Health has confirmed a data breach that led to the exposure of sensitive personal information for over 300,000 patients.
In a notice on its official webpage, SuperCare said it discovered unauthorized activity on its computer systems in late July, before immediately starting to contain and alleviate the potential fallout.
“On July 27, 2021, we discovered unauthorized activity on our systems. In response, we immediately began containment, mitigation, and restoration efforts to terminate the activity and to secure our network, systems, and data,” the healthcare provider said. “In addition, we retained independent cybersecurity experts to conduct a forensic investigation into the incident and assist us in determining what happened.”
The full extent of the data breach was determined on Feb. 4, when the company learned that the attackers also accessed patient files with sensitive personally identifiable information.
This sensitive information included names, addresses, dates of birth, hospital or medical group, patient account number and medical record number, health insurance information, diagnostic and treatment information, and Social Security and driver’s license numbers (for a limited number of individuals).
SuperCare Health said they “have no reason to believe that any information was published, shared or misused,” but all potentially impacted patients should still take additional security measures to protect themselves against identity theft and fraud.
The company alerted all impacted individuals on March 25 and took additional security measures to prevent future incidents.
“We also reported the incident to the Federal Bureau of Investigation and will cooperate to help identify and prosecute those responsible,” SuperCare Health added.