Medusind, a prominent healthcare billing provider serving over 6,000 healthcare organizations across the US and India, has disclosed a significant data breach that occurred in December 2023. The breach, affecting 360,934 individuals, was discovered following suspicious network activity.
The exposed information includes:
– Health insurance and billing details
– Payment information (credit/debit cards, bank accounts)
– Medical records and prescription information
– Government-issued identification numbers
– Personal data (birth dates, contact information)
In response, Medusind has:
– Taken affected systems offline
– Engaged cybersecurity forensics experts
– Offered two years of free Kroll identity monitoring services
– Advised victims to monitor financial statements and credit reports
This incident follows recent major healthcare sector breaches, including:
– Ascension: 5.6 million affected (Black Basta ransomware attack)
– UnitedHealth/Change Healthcare: Over 100 million impacted
The breach notification coincides with the U.S. Department of Health and Human Services’ proposed HIPAA updates, which mandate enhanced security measures including:
– Mandatory data encryption
– Implementation of multifactor authentication
– Network segmentation requirements
These new regulations aim to address the rising trend of healthcare data breaches and better protect patient information in the digital age.