Major Data Breach at Michigan Health System -140,000 Affected
Major Data Breach at Michigan Health System—140,000 Affected
“Adversaries exploited Aspire Rural Health Systems’ network and infected it for months. Payment card details & medical records are exposed in the breach with 1 Lakh plus individuals impacted.”
According to the data breach notice, the Michigan-based health system experienced a data breach in November of last year, although it was probably not discovered until early January of this year.
As is often the case, Aspire investigated the data breach and sought assistance from cybersecurity experts. Nearly 140,000 people were exposed in the hack, according to information that Aspire gave to the Maine Attorney General’s Office.
Meanwhile, according to the company’s online data breach notice, hackers may have gained access to a wide range of private patient information, including:
- Names and surnames
- Dates of birth
- Social Security numbers
- Financial account numbers
- Medical treatment and diagnosis information
- Prescription information
- Individual health insurance information
- Payment card numbers and access PIN numbers
- Payment card expiration dates
- Lab results
- Driver’s license numbers
- Passwords and usernames
- Biometric identifiers
- Patient IDs
- Medical record numbers
- Passport numbers
Aspire emphasized that the kinds of accessible data differ from person to person and that there is currently no proof that the data was misused in any manner. The list of exposed data, however, suggests that attackers may have had access to a highly thorough and extensive list of financial, medical, and personal information.
Theoretically, attackers might use the disclosed dataset in a variety of detrimental ways. Most obviously, the information might be used by cybercriminals to steal identities. While trying to remotely create an account anywhere, there are more than enough details to successfully impersonate a person.
Because they may create a convincing message that includes, for instance, the patient’s diagnosis, attackers could also try phishing attempts. Attackers usually attempt to install malware or trick victims into disclosing even more private information.
The existence of financial identifiers exacerbates the data leak. Attackers have the ability to create fictitious accounts and obtain payment card information from victims, which they can use to embezzle money from those whose information was compromised.
Those affected by the Aspire assault should keep an eye out for any unusual activity on their bank accounts. Patients of Aspire face further potential issues as a result of leaked medical information.
Because they make medical identity theft possible, fraudsters place a high value on medical information. In these situations, attackers may get prescription medications that are subsequently sold on the dark web or file false insurance claims.
More crafty attackers might even try to use compromised medical condition data to extort people who prefer that their medical information be kept confidential. Aspire stated that it will offer affected patients free identity protection and credit monitoring services to help people reduce any hazards.
Aspire, Breach Notification Letter
| “Please accept our apologies that this incident occurred. Aspire is committed to maintaining the privacy of personal information in our possession and has taken many precautions to safeguard it,” reads Aspire’s breach notification letter. |
About The Author
Suraj Koli is a content specialist in technical writing about cybersecurity & information security. He has written many amazing articles related to cybersecurity concepts, with the latest trends in cyber awareness and ethical hacking. Find out more about “Him.”
Read More:
Phishing Attacks Target Brokerage Accounts to Manipulate Stock Prices
About Author
English