Community Health Center (CHC), a leading Connecticut healthcare provider, is notifying over 1 million patients of a data breach that impacted their personal and health data.
The non-profit organization provides primary medical, dental, and mental health services to more than 145,000 active patients.
CHC said in a Thursday filing with Maine’s attorney general that unknown attackers gained access to its network in mid-October 2024, a breach discovered more than two months later, on January 2, 2025.
While the threat actors stole files containing patients’ personal and health information belonging to 1,060,936 individuals, the healthcare organization says they didn’t encrypt any compromised systems and that the security breach didn’t impact its operations.
Investigators hired to assess the incident’s impact and secure CHC’s systems found that “a skilled criminal hacker” was behind the attack.
“Fortunately, the criminal hacker did not delete or lock any of our data, and the criminal’s activity did not affect our daily operations. We believe we stopped the criminal hacker’s access within hours, and that there is no current threat to our systems,” CHC added.
Depending on the affected patient, the attackers stole a combination of:
- personal (names, dates of birth, addresses, phone numbers, emails, Social Security numbers) or
- health information (medical diagnoses, treatment details, test results, and health insurance).
A CHC spokesperson was not immediately available when BleepingComputer reached out for more details on the incident.
While CHC said the hackers didn’t encrypt any of its systems, more ransomware operations have switched tactics to become data theft extortion groups in recent years.
For instance, the BianLian ransomware gang gradually abandoned file encryption after Avast released a free decryptor in January 2023. A joint advisory issued by CISA, the FBI, and the Australian Cyber Security Centre also confirmed this in November 2024.
This week, the New York Blood Center (NYBC), one of the world’s largest independent blood collection and distribution organizations, also disclosed that a Sunday ransomware attack forced it to reschedule some appointments.
Over the weekend, UnitedHealth also revealed that approximately 190 million Americans had their personal and healthcare data stolen in last year’s Change Healthcare ransomware attack, nearly doubling the previous figure of 100 million disclosed in October.
In response to this surge of massive healthcare security breaches, the U.S. Department of Health and Human Services (HHS) proposed updates to HIPAA (short for Health Insurance Portability and Accountability Act of 1996) in late December to secure patients’ health data.