A healthcare system with services in 17 Pennsylvania counties says a ransomware incident last year allowed unknown actors to access sensitive patient information such as Social Security numbers, medical records, and health insurance information.
Wilkes-Barre-based Maternal and Family Health Services Inc. (MFHS) discovered the breach on April 4, 2022.
The sensitive patient information that could have been accessed also included dates of birth, patient account numbers, and driver’s license numbers, as well as payment and financial account information.
An investigation found unknown actors gained unauthorized access to the organization’s systems between Aug. 21, 2021, and April 4, 2022, according to the MFHS website.
But MFHS didn’t start notifying patients until nine months later in a Jan. 3, 2023, letter.
“Maternal and Family Health Services experienced a ransomware incident. During the typical ransomware incidents, cyber criminals try to lock an organization’s digital files in an attempt to get paid for digital key to unlock the files. We promptly launched an investigation, engaged a National Cybersecurity firm to assist in assessing the scope of the incident, and took steps to mitigate the potential impact to our community,” the letter said.
Identity Theft Claim
Chris Izquierdo of Scranton says she is a victim of identity theft due to the data breach. Izquierdo is the lead plaintiff in a newly filed class action case in the Middle District of Pennsylvania, seeking damages and future protection from identity theft for those affected.A complaint filed this month says MFHA downplayed the seriousness of the breach.
Since the Data Breach, Izquierdo has learned of at least five fraudulent credit card accounts being opened in her name, court papers say. Opening these accounts would have required knowledge of her personal information, such as name, date of birth, and Social Security number.
Her credit score has decreased because the fraudulent accounts have outstanding balances and are accruing interest charges she is asked to pay. A utility service account has been opened using her information in Florida, where she has never lived.
Medical data is particularly valuable, according to the court filing, because criminals can use it to target victims with scams that take advantage of the victim’s medical conditions or settlements. It can be used to create fake insurance claims, allowing for the purchase and resale of medical equipment, or the information can be used to get prescriptions for illegal use or resale.
The theft can lead to inaccurate medical records, which could lead to misdiagnosis.
The Epoch Times asked MFHS for comment, but it did not respond by the time of publication.
Friends Read Free