New York dental insurer reports phishing incident, French hospital group hit in ransomware incident
Healthplex, Inc. in New York provides dental insurance plans. On November 24, 2021, an employee reportedly fell for a phishing attempt. As a result, the insurer notified 76,262 of their insured members whose personal information may have been impacted. They do not make clear whether their investigation confirmed access and exfiltration or just access, so it’s not clear what “impacted” means in their notice.
According to their announcement, the data in the compromised email account included:
first and last name, address, group name and number, member ID number, plan affiliation, date of birth, date of service, provider name, ADA codes and their description, billed/paid amounts, prescription drug names, Social Security number, banking information, credit card number, username and password for the member portal, email address, phone number, and driver’s license number.
Letters to those potentially affected were mailed on April 15.
You can find Healthplex’s announcement on their website, here.
In other news today of attacks on the healthcare sector, Bill Toulas reports on an attack on a French hospital group:
The GHT Coeur Grand Est. Hospitals and Health Care group has disconnected all incoming and outgoing Internet connections after discovering they suffered a cyberattack that resulted in the theft of sensitive administrative and patient data.
GHT is a hospital network located in Northeast France consisting of nine locations, 6,000 employees, and approximately 3,370 beds.
Going beyond the statement, Bleeping Computer found patient data from this group listed for sale on a new marketplace, Industrial Spy. Toulas reports that the market claims that there had been a ransom demand of $1,300,000, but when the hospital group did not pay by the deadline, the threat actors put the 28.7 GB of stolen data up for purchase on the site. The data allegedly includes patient information such as social security numbers, passport scans, banking info, emails, and phone numbers.
The hospital group’s statement does not mention any ransom demand.
Read more at BleepingComputer.