68K affected by data theft, ‘sophisticated’ network hack of health nonprofit Advocates

/in


A number of breaches were reported in the healthcare sector, though not all are yet listed on the Department of Health and Human Services breach reporting tool.(Photo by Alex Wong/Getty Images)

Approximately 68,000 individuals who’ve received services from Advocates are being notified that their personal and protected health information was stolen during a four-day hack in September 2021. Advocates also provided notice to certain employees, whose data was exfiltrated during the hacking incident.

Advocates is a nonprofit organization based in Massachusetts that provides a range of services for individuals requiring support with addiction, autism, brain injury, mental health, addiction, and other health conditions.

First discovered on Oct. 1, the nonprofit was notified that its data had been exfiltrated from its digital environment by a threat actor. Advocates took action to secure the system and engaged with an outside cybersecurity firm to investigate the scope of the incident.

The investigation found that a hacker gained access to the network between Sept. 14 and Sept. 18, 2021 through a “sophisticated cyberattack” on its network. During that time, the attacker gained access to and copied data tied to both current and former individuals served by Advocates.

The stolen data included names, contacts, Social Security numbers, dates of birth, client identification numbers, health insurance information, diagnoses, and treatments.

Advocates is cooperating with the ongoing FBI investigation, while taking steps to bolster its security to prevent a recurrence. All impacted individuals will receive free credit monitoring and identity theft protection services.

St. Lucie County reports 4-year hack of drug screening lab

Over the course of four years, a misconfiguration error in the St. Lucie County’s Drug Screening Lab’s web portal allowed for certain data to be accessible by unauthorized parties. The breach is not yet listed on the HHS reporting tool, so it’s not yet known how many individuals have been affected.

“After an extensive forensic investigation and thorough review of the data impacted,” SLC discovered the unauthorized access to the portal data on Dec. 28. The exposure…

Source…