Medusind, a medical billing provider, disclosed a data breach that occurred in December 2023 and affected over 360,000 individuals. Medusind is a company that provides medical billing, coding, and revenue cycle management (RCM) services to healthcare organizations, including medical practices, dental practices, and other providers. The company disclosed a data breach discovered on December 29, […] Medusind, a medical billing provider, disclosed a data breach that occurred in December 2023 and affected over 360,000 individuals. Medusind is a company that provides medical billing, coding, and revenue cycle management (RCM) services to healthcare organizations, including medical practices, dental practices, and other providers. The company disclosed a data breach discovered on December 29, 2023, that impacted 360,934 individuals. Immediately after discovering the security breach, the company started the investigation with the help of a cybersecurity forensic firm. “On December 29, 2023, Medusind discovered suspicious activity within its IT network. Upon discovering the suspicious activity, Medusind took the affected systems offline and hired a leading cybersecurity forensic firm to conduct an investigation.” reads the data breach notification letter sent to the impacted individuals. “Through this investigation, we found evidence that a cybercriminal may have obtained a copy of certain files containing your personal information. Additionally, we implemented enhanced security measures to prevent similar incidents from occurring in the future.” The experts determined that threat actors may have stolen certain files containing different types of information, including health insurance and billing information (such as insurance policy numbers or claims/benefits information), payment information (such as debit/credit card numbers or bank account information), health information (such as medical history, medical record number, or prescription information), government identification (such as Social Security number, taxpayer ID, driver’s license, or passport number), and other personal information (such as date of birth, email, address, or phone number). The information impacted varies by individual. Medusind did not share details about the attack, it is unclear if the company was the victim of a ransomware attack. At this time, not ransomware gang claimed responsibility for the attack. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini (SecurityAffairs hacking, data breach)
Published: 2025-01-09T22:36:54