Independent Living Systems (ILS), a US-based health services company, has disclosed a data breach that compromised the personal and medical data of more than 4 million individuals. ILS provides a wide range of payer services, including clinical and third-party administrative services, to managed care organizations and healthcare providers.
The company said the unauthorized actor gained access to its network between June 30 and July 5, 2022. The types of impacted information vary by individual and include personal details such as name, address, date of birth, and Social Security number, as well as medical information like treatment details, prescription information, and health insurance information.
ILS discovered the security breach on July 5, 2022, when certain computer systems became inaccessible. The company believes that the systems were infected with ransomware.
ILS responded immediately and launched an investigation with the help of external cybersecurity specialists. The investigation revealed that the unauthorized actor had access to certain systems during the June 30 to July 5 period.
The company is notifying the affected individuals via letters and has also informed the relevant authorities, including the Maine Attorney General’s office, which reported that the data breach occurred on June 3, 2022.
ILS is offering impacted individuals 12 months of free Experian credit monitoring and restoration services.
This breach highlights the growing threat of cyberattacks on healthcare organizations and the need for effective cybersecurity measures to protect sensitive patient data.
Healthcare providers and organizations must ensure that they have robust security protocols in place to prevent, detect and respond to cyber threats, and that their employees are trained to follow best practices for data protection.
