Almost one million people affected by medical billing ransomware attack

A ransomware attack on a medical billing vendor has affected patients from 27 healthcare organizations

Add bookmark




Almost one million people affected by medical billing ransomware attack

A ransomware attack on New York-based healthcare billing company, Practice Resources (PRL), has exposed the data of more than 942,000 patients from 27 hospitals and physician’s offices.

The breach was confirmed via a submission to the US Department of Health and Human Services Office for Civil Rights (HHS), which detailed that PRL had suffered a “hacking/IT incident” involving the network server that affected 942,138 individuals. According to a notice posted online by the California Attorney General’s office, the breach was due to a ransomware attack that took place on 12 April.

PRL explained in the notice that the attack “may have resulted in unauthorized access to or acquisition of [sensitive information including] name, home address, dates of treatment, health plan number, and/or medical record number”.

To combat the attack, PRL enlisted the help of “third-party experts” and “took immediate steps to secure its systems and investigate the nature and scope” of the ransomware attack. PRL also noted that since the attack it had “implemented a series of cybersecurity enhancements”. Additionally, the company provided free credit monitoring services to those affected by the breach.

PRL posted a document listing all hospitals and physicians’ offices affected by the breach

You May Also Like

  • Blizzard Entertainment hit by DDoS attack

  • IOTW: A full timeline of the MOVEit cyber attack

  • PwC and EY impacted by MOVEit cyber attack

  • BlackCat threatens to leak 80GB of Reddit data