Latest news with #data breach
Fox News
2 days ago
- Health
- Fox News
5.4 million patient records exposed in healthcare data breach
Over the past decade, software companies have built solutions for nearly every industry, including healthcare. One term you might be familiar with is software as a service (SaaS), a model by which software is accessed online through a subscription rather than installed on individual machines. In healthcare, SaaS providers are now a common part of the ecosystem. But, recently, many of them have made headlines for the wrong reasons. Several data breaches have been traced back to vulnerabilities at these third-party service providers. The latest incident comes from one such firm, which has now confirmed that hackers stole the health information of over 5 million people in the United States during a cyberattack in January. Sign up for my FREE CyberGuy ReportGet my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you'll get instant access to my Ultimate Scam Survival Guide — free when you join. Episource, a big name in healthcare data analytics and coding services, has confirmed a major cybersecurity incident (via Bleeping Computer). The breach involved sensitive health information belonging to over 5 million people in the United States. The company first noticed suspicious system activity Feb. 6, 2025, but the actual compromise began ten days earlier. An internal investigation revealed that hackers accessed and copied private data between Jan. 27 and Feb. 6. The company insists that no financial information was taken, but the stolen records do include names, contact details, Social Security numbers, Medicaid IDs and full medical histories. Episource claims there's no evidence the information has been misused, but because they haven't seen the fallout yet doesn't mean it isn't happening. Once data like this is out, it spreads fast, and the consequences don't wait for official confirmation. The healthcare industry has embraced cloud-based services to improve efficiency, scale operations and reduce overhead. Companies like Episource enable healthcare payers to manage coding and risk adjustment at a much larger scale. But this shift has also introduced new risks. When third-party vendors handle patient data, the security of that data becomes dependent on their infrastructure. Healthcare data is among the most valuable types of personal information for hackers. Unlike payment card data, which can be changed quickly, medical and identity records are long-term assets on the dark web. These breaches can lead to insurance fraud, identity theft and even blackmail. Episource is not alone in facing this kind of attack. In the past few years, several healthcare SaaS providers have faced breaches, including Accellion and Blackbaud. These incidents have affected millions of patients and have led to class-action lawsuits and stricter government scrutiny. If your information was part of the healthcare breach or any similar one, it's worth taking a few steps to protect yourself. 1. Consider identity theft protection services: Since the healthcare data breach exposed personal and financial information, it's crucial to stay proactive against identity theft. Identity theft protection services offer continuous monitoring of your credit reports, Social Security number and even the dark web to detect if your information is being misused. These services send you real-time alerts about suspicious activity, such as new credit inquiries or attempts to open accounts in your name, helping you act quickly before serious damage occurs. Beyond monitoring, many identity theft protection companies provide dedicated recovery specialists who assist you in resolving fraud issues, disputing unauthorized charges and restoring your identity if it's compromised. See my tips and best picks on how to protect yourself from identity theft. 2. Use personal data removal services: The healthcare data breach leaks loads of information about you, and all this could end up in the public domain, which essentially gives anyone an opportunity to scam you. One proactive step is to consider personal data removal services, which specialize in continuously monitoring and removing your information from various online databases and websites. While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time. Check out my top picks for data removal services here. Get a free scan to find out if your personal information is already out on the web. 3. Have strong antivirus software: Hackers have people's email addresses and full names, which makes it easy for them to send you a phishing link that installs malware and steals all your data. These messages are socially engineered to catch them, and catching them is nearly impossible if you're not careful. However, you're not without defenses. The best way to safeguard yourself from malicious links is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices. 4. Enable two-factor authentication: While passwords weren't part of the data breach, you still need to enable two-factor authentication (2FA). It gives you an extra layer of security on all your important accounts, including email, banking and social media. 2FA requires you to provide a second piece of information, such as a code sent to your phone, in addition to your password when logging in. This makes it significantly harder for hackers to access your accounts, even if they have your password. Enabling 2FA can greatly reduce the risk of unauthorized access and protect your sensitive data. 5. Be wary of mailbox communications: Bad actors may also try to scam you through snail mail. The data leak gives them access to your address. They may impersonate people or brands you know and use themes that require urgent attention, such as missed deliveries, account suspensions and security alerts. What makes this breach especially alarming is that many of the affected patients may have never even heard of Episource. As a business-to-business vendor, Episource operates in the background, working with insurers and healthcare providers, not with patients directly. The people affected were customers of those companies, yet it's their most sensitive data now at risk because of a third party they never chose or trusted. This kind of indirect relationship muddies the waters when it comes to responsibility and makes it even harder to demand transparency or hold anyone accountable. Do you think healthcare companies are investing enough in their cybersecurity infrastructure? Let us know by writing us at For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Follow Kurt on his social channels Answers to the most asked CyberGuy questions: New from Kurt: Copyright 2025 All rights reserved.
CBC
6 days ago
- Business
- CBC
Nova Scotia Power to expand credit monitoring to all customers, past and present
Nova Scotia Power is expanding its offering of free credit monitoring in the wake of a massive cybersecurity breach that resulted in the data of hundreds of thousands of customers being stolen by hackers. The company is now providing five years of credit monitoring, up from the two years that were initially offered. People who have already signed up will have their service automatically extended. The utility also announced it will pay for monitoring for all its customers, past and present, instead of just the customers who were believed to have been affected. An update on the company's website Wednesday said the information of former customers was also taken — not just that of current customers. Nova Scotia Power announced publicly on April 28 that it was dealing with a cybersecurity incident it discovered three days earlier, on April 25. The company later said the actual hack had occurred more than a month earlier, on March 19. About 280,000 customers have been affected by the attack — about half of the utility's total customers. The company said in its update it is still trying to determine the full scope of data that was accessed, but it "cannot rule out the possibility" that the stolen information includes name, date of birth, bank account number, social insurance number, driver's licence number, phone number, email address, mailing and service address, and customer account information. The company also said it has "heard concerns" about social insurance numbers, which Nova Scotia Power "historically collected for customer authentication purposes." "We are committed to permanently deleting all instances of SINs from our systems as soon as our investigation allows," the statement said.
Daily Mail
6 days ago
- Business
- Daily Mail
Massive data breach sees 15m Americans' personal details stolen from major insurer
A massive cyberattack has exposed the sensitive personal details of Americans after hackers breached the system of Aflac. Aflac, one of the largest insurance company in the US, has over 50 million customers worldwide and around 15m in America. The breach identified on June 12 was carried out by a yet unknown hacking group that accessed files containing Social Security numbers, health claims and other private data. A 11 class-action lawsuits have been already filed against the company, accusing it of failing to protect user data. Aflac confirmed the breach in a statement filed with the US Securities and Exchange Commission on Friday, noting that the incident affected customers, beneficiaries, employees and agents. The company has not shared how many people were affected. 'Our business remains operational, and our systems were not affected by ransomware,' said Aflac in a press release. 'This attack, like many insurance companies are currently experiencing, was caused by a sophisticated cybercrime group.' Aflac, one of the largest insurance company in the US has over 50 million customers worldwide. The breach was contained within hours, according to Aflac, but the company admitted the scope of attack remains under investigation. The hackers performed the attack by manipulating individuals and sector-specific targeting into performing actions or divulging confidential information. Unlike malware or brute-force attacks, these tactics rely on psychological manipulation rather than technical vulnerabilities. This form of attack involves tricking employees, often help desk workers into revealing passwords or granting access, bypassing traditional security systems like firewalls. Alfac has hired a third party cybersecurity experts to review the breach and assess the damage. So far, the company says the data potentially accessed includes names, claims data, Social Security numbers, and health-related information. Aflac said it is offering free credit monitoring and identity theft protection to affected individuals. Alfac has hired a third party cybersecurity experts to review the breach and assess the damage. Aflac reported the data potentially accessed includes names, claims data, Social Security numbers, and health-related information. A dedicated call center was launched on June 20 to provide support and more details to those impacted by the incident. The Aflac hack followed a coordinated series of attacks on insurers beginning June 7, starting with Erie Insurance and Philadelphia Insurance Companies. The FBI has not commented publicly on the breach, but cybersecurity analysts suspect the attack was carried out by a group known as Scattered Spider. This group operates under a larger cybercriminal network known as The Com, according to Cyberscoop. The group, active since 2022, is known for attacking US companies in waves using identity-based tactics such as impersonating employees. John Hultquist, chief analyst at Google's Mandiant Intelligence, said the insurance industry is currently facing a surge in targeted intrusions. He noted the tactics used in the Aflac breach mirror recent attacks on Erie Indemnity and Philadelphia Insurance Companies. 'This was part of a cybercrime campaign against the insurance industry,' Aflac said in its press release. 'We regret that this incident occurred,' the company added, emphasizing its commitment to protecting customer data going forward. Security experts warn that breaches like this can have long term consequences for victims. With Social Security numbers and medical records exposed, individuals may at risk for fraud, scams or even medical identity theft. Steve Cagle, CEO of Clearwater, a healthcare cybersecurity firm, said Scattered Spider is known for bypassing even multi-factor authentication by tricking help desk personnel. 'This group's specialty is identity-based tactics,' he noted. Health and insurance records are among the most valuable data types on the black market, experts say. Scattered Spider has been linked to past attacks on tech companies, casinos, and retailers in both the US and UK. The group reportedly uses threats of violence and impersonation tactics to gain access to secure systems. Cyberattacks across the globe rose 44 percent last year, according to a January report by Check Point Research. The rise is attributed partly to advanced social engineering and the use of generative AI in phishing and impersonation attempts. Aflac has joined other breached companies in notifying regulators and offering affected customers support and monitoring tools. As investigations continue, more insurers are expected to come forward with disclosures of similar intrusions.
CTV News
6 days ago
- Business
- CTV News
Nova Scotia Power says former customers also impacted by breach, extends credit monitoring
Nova Scotia Power says it appears the hackers behind a recent cybersecurity breach also accessed the personal information of former customers. As a result, the utility is now offering five years of free credit monitoring to all customers – both past and present – whether or not they received a letter about the cybersecurity breach. 'We have determined through our investigation that the personal information of former customers was also accessed on or around March 19, 2025, and later taken by an unauthorized third party, in addition to the personal information of the current customers to whom notifications have already been sent,' said Nova Scotia Power in a statement Wednesday. 'Customers will not pay for any costs incurred by Nova Scotia Power for credit monitoring resulting from this incident.' Nova Scotia Power says a dedicated team within the utility is working with third-party cybersecurity experts to investigate the ransomware attack. It says the personal information of former customers, including names, phone numbers, email address and mailing addresses, may have been compromised. 'For some of our former customers, bank account numbers (for pre-authorized payment) and Social Insurance Numbers may also have been impacted,' said the utility. 'We intend to do everything we can to support current and former customers, which includes expanded access to credit monitoring.' Anyone who has already signed up for credit monitoring will automatically be extended to receive the service for five years. Former and current customers who wish to sign up for the credit monitoring service can go online to validate and secure a unique code. Nova Scotia Power said it's also deploying employee volunteers to communities across the province to provide support for customers who prefer assistance in person. Nova Scotia Power will delete all SINs The utility says people have expressed concerns about having social insurance numbers (SINs) on file, so it will be deleting that information from its systems. 'We have heard concerns about SINs, which we historically collected for customer authentication purposes,' said Nova Scotia Power. 'We are committed to permanently deleting all instances of SINs from our systems as soon as our investigation allows.' For more Nova Scotia news, visit our dedicated provincial page
Yahoo
23-06-2025
- Business
- Yahoo
US insurance giant Aflac says customers' personal data stolen during cyberattack
Aflac, one of the largest insurance companies in the United States, says hackers stole an unknown quantity of its customers' personal information from its network during a cyberattack earlier this month. The insurance giant confirmed Friday in a legally required filing with the U.S. Securities and Exchange Commission that the company identified hackers in its system on June 12 and contained the incident. Aflac, which provides supplemental insurance to individuals whose expenses are not covered by their primary providers, said it was not yet known how many customers are affected by the data breach, but that the personal data includes customers' claims, such as Social Security numbers and health information. The breach also included data from Aflac's beneficiaries, employees, and agents, the company said. Aflac said its systems were not affected by ransomware, but attributed the breach to an unspecified cybercrime group known to be targeting the U.S. insurance industry. According to its Friday press release, Aflac said the hackers used social engineering tactics to break into its network. An Aflac spokesperson, who did not provide their name, declined to answer TechCrunch's questions when reached by email on Monday. Aflac, which has around 50 million customers per the company's website, is the latest U.S. insurance company to experience a cyberattack in recent weeks, amid warnings that hackers are targeting the wider insurance industry. John Hultquist, the chief analyst for Google's threat intelligence unit, said last week that the unit was 'aware of multiple intrusions' in the U.S. that bear the hallmarks of activity linked to Scattered Spider, a loose-knit collective of hackers and tactics that rely on social engineering tactics and sometimes threats of violence to target company help desks and call centers in order to gain access to their networks. The hackers are also reportedly behind the recent intrusions at Erie Insurance and Philadelphia Insurance Companies, which disclosed cyberattacks this month, with disruption ongoing. The hackers linked to Scattered Spider attacks are known to be financially motivated, and have been previously linked to cyberattacks and intrusions at tech giants, casinos, and hotels, and recent data breaches across the U.K. and U.S. retail sector. Sign in to access your portfolio
