Largest US addiction treatment provider notifies patients of data breach
Latest News on US Addiction Treatment and Healthcare Data Breaches
Medusind Data Breach
One of the significant data breaches in the healthcare sector involves Medusind, a major medical billing and revenue cycle management company.
- Incident Details: Medusind reported a data breach following a cybersecurity attack discovered on December 29, 2023. The breach resulted in the exposure of sensitive personal and medical information of approximately 360,934 individuals24.
- Affected Data: The compromised data includes health insurance and billing information, payment details (debit/credit card numbers, bank account information), medical history, government ID information (Social Security numbers, driver's licenses, passport numbers), and other personal data such as email addresses, phone numbers, and birth dates24.
- Response: Medusind immediately took affected systems offline and initiated an investigation with external cybersecurity experts. The company is offering two years of free identity theft monitoring through Kroll and has advised victims to monitor their account statements for any signs of identity theft or fraud24.
Cencora Data Breach
Another notable data breach involves Cencora Inc., a drug wholesale company.
- Incident Details: Cencora disclosed a data breach in May 2024, which was initially reported to the Securities and Exchange Commission on February 27, 2024. However, affected individuals were not notified until around May 17, 2024, nearly three months after the breach was discovered1.
- Affected Data: The breach exposed protected health information and personally identifiable information of patients. The lawsuit filed against Cencora claims that the company failed to protect this sensitive information from unauthorized disclosure and exfiltration1.
- Legal Action: A class action lawsuit, Wolford, et al. v. Cencora Inc., et al., has been filed in Pennsylvania federal court, alleging negligence, breach of implied contract, unjust enrichment, and breach of fiduciary duty. The plaintiff seeks to represent a nationwide class of individuals affected by the breach1.
Addiction Treatment Provider Data Incident
While the specific sources provided do not detail a recent data breach exclusively involving an addiction treatment provider in 2024, there is relevant context from similar incidents:
- American Addiction Centers: Although not specifically dated to 2024, a ransomware group hit American Addiction Centers, a substance abuse treatment service, highlighting the vulnerability of such organizations to cyberattacks5.
- General Healthcare Sector Risks: Healthcare organizations, including those providing addiction treatment, are frequently targeted by ransomware actors due to the sensitivity and value of the data they handle. A recent example involves a California physician services organization that was fined $240,000 by federal regulators for failing to protect patient data during three ransomware attacks in 20185.
Summary
- Medusind: A significant data breach affecting 360,934 individuals, involving a medical billing firm, with sensitive health and financial information compromised.
- Cencora: A data breach at a drug wholesale company exposed patient data, leading to a class action lawsuit alleging negligence and other violations.
- General Healthcare Risks: Healthcare and addiction treatment providers continue to be high-risk targets for cyberattacks, emphasizing the need for robust cybersecurity measures.
For the most up-to-date information, refer to the sources provided: