Security News > 2022 > January > Cyberattackers Hit Data of 80K Fertility Patients

FCI's data breach notice said that the healthcare organization first detected suspicious activity on its internal systems on Feb. 1, 2021.

The data of more than 3,300 U.S. military service members, military dependents and civilians employed by the DoD were compromised as part of what turned out to be a transnational cybercrime ring created to defraud them out of $1.5 million in military benefits from the DoD and the VA. With regards to the FCI breach, the organization said that it immediately took steps to eliminate unauthorized access and brought in independent forensic investigators to investigate and remediate the matter, on top of additional security measures meant to further secure access to data, individual accounts, and equipment, including the implementation of enterprise identity verification software.

Earlier this week, Florida's Broward Health System announced that the most intimate medical data of 1,357,879 patients was breached in October: evidence of what security researchers said is a soft-bellied healthcare software supply chain that's proved to be a juicy target for cybercriminals.

"These higher privileged accounts often have access to widespread data and act as a single point of failure, as evidenced by the large amount of user data exposed," he told Threatpost via email.

Jake Williams, Co-Founder and CTO at incident response firm BreachQuest, noted to Threatpost on Friday that it's not uncommon for medical organizations to store patient data outside of their EHR system, and it sounds like that's what happened here.

"Those who don't perform regular data inventory searches almost certainly have regulated data in their file shares - a location where it is just one phishing email away from compromise," Williams said.

News URL

https://threatpost.com/cyberattackers-data-80k-patients-fertility-centers-illinois/177467/