In a statement released on March 14, 2023, Independent Living Systems, a healthcare and managed care solutions provider, said it experienced an “incident involving the inaccessibility of certain computer systems on its network”… last July. Nine months later, we are finding that the “incident” was a data breach with the personal records of some 4.2 million individuals stolen! The data included names, contact details, Social Security numbers, dates of birth, driver’s licenses, state IDs, financial accounts and medical record numbers.
Corporations sure can take their own sweet time communicating bad news when it isn’t their own identity that has been stolen. ILS did hire outside cybersecurity specialists to launch an investigation, which confirmed that an unauthorized actor obtained access to certain systems between June 30, 2022 and July 5, 2022. In September of 2022, ILS’s first attempt to communicate externally was by posting a breach notice on its website (which is helpful for the elderly). They next informed the HHS’ Office for Civil Rights. Only now, eight months after the hack, is the company contacting those affected directly. In its notification letters, ILS said it was not possible to send individual notifications until March 14, 2023, due to time-consuming review and validation processes. “Dear Patient, Sorry your identity was stolen. Not sorry it took so long.”
Shout out to the victims. Several lawsuits have been filed but it still doesn’t take away the fact that their identity has been for sale for eight months.
Today’s Fraud Of The Day is based on “Healthcare data breach affects more than 4.2 million people” published by Business Daily News on March 20, 2023
More than 4.2 million people were affected by a July 2022 healthcare data breach at Independent Living Systems, the Miami-based vendor of clinical and third-party administrative services to managed care organizations serving elderly and disabled individuals disclosed March 14. This is the largest health data breach reported so far this year, according to a BankInfoSecurity article.
ILS said that the company noted the inaccessibility of certain computer systems on its network on July 5, 2022. ILS said it responded to the incident immediately and began an investigation with the assistance of outside cybersecurity specialists. The investigation showed that an unauthorized user had obtained access to certain ILS systems between June 30 and July 5, 2022, during which time information stored on the network was accessible and potentially viewed, the company said.