Florida’s leading third-party healthcare administration and managed care solution provider, Independent Living Systems (ILS), acknowledged the data breach where over 4.2 million individuals’ personal data was affected.
Considering ILS and its massive data breach, it can be declared the biggest data breach in the healthcare sector this year.
As per the reports, it is noted that the company filed the data breach notice with the Maine Attorney General on March 14th, and as per the investigation, it was found that the threat actors were on the ILS databases between June 30th and July 5th, 2022.
The notice has also stated that “the unauthorized actor acquired some information stored on the ILS network, and other information was accessible and potentially viewed.”
With the data breach at ILS, the threat actors have successfully accessed vital and sensitive information such as patient names, addresses, medical information, social security and taxpayer identification numbers, and health insurance information.
As reported first by BleepingComputer, ILS has taken responsibility and started an internal investigation of the data breach. Within six months, ILS has done a great job of identifying the individuals affected by the data breach.
All these potentially affected individuals are provided with a prior notification about the incident on September 2nd, 2022. After finalizing the impacted individuals, the letters of notice have started rolling out from March 14th.
The data breach-affected individuals are offered a one-year identity protection service by Experian free of charge by the ISL to prevent further phishing or social engineering attacks.
Even with the enhanced security standards, data breaches are common in sectors such as healthcare, manufacturing, financial services, government, etc. Unfortunately, the medical sector witnessed several data breaches holding millions of people’s sensitive medical data.
Speaking of the recent data breach incidents in the medical sector, several prominent medical groups were hit by the ransomware attack in February 2023, where 3.3 million patients’ personal and sensitive information was at risk.
CHS (Community Health Systems) reported zero-day vulnerability with the “Fortra’s GoAnywhere MFT product” within a few days of this attack, leading to the data breach.
Alongside these prominent organizations, many minor organizations from different sectors have been victims of data breaches.
The above-listed events are prime examples of how significant these data breaches are and how dangerous they could be.