A US-based non-profit healthcare group, Sharp Healthcare, said that 62,777 of its patients had been impacted by a recent cyberattack on its website (sharp[.]com), conducted by cybercriminals that aimed to steal a massive database of patients’ information.
In the released advisory, the healthcare group clarified that the compromised patients’ data varied per individual, but it did not include financial details, Social Security numbers, health and insurance records, or any data about the healthcare service a patient had received.
Sharp Healthcare has not found evidence of data misuse from the security breach.
Patients have been assured that the compromised databases were not abused for criminal purposes. Based on the company’s initial investigations, the infiltrated servers only contained limited patient data, such as their names, Sharp identification numbers, and payment invoice details.
Furthermore, the investigations indicate that the incident impacted customers who paid their bills using the company’s online payment service from August 12, 2021 to January 12, 2023. Patients and customers requiring urgent assistance from Sharp Healthcare are provided with a toll-free call hotline to attend to their queries.
Out of an abundance of caution, patients are advised to review their previous payment statements and check for suspicious transactions or charges they did not make. If these circumstances occur, Sharp said to contact their hotlines immediately.
The healthcare group said they have been upgrading the security tools on its website to prevent the same incidents from happening again.
Cybersecurity experts have been warning about the rising cases of cyberattacks against the healthcare industry, as threat groups have never been reluctant to attack even such a sensitive sector that could put people’s health and lives at risk.
In a separate study, researchers said that about 1 of 4 healthcare providers had been a target of ransomware attacks, resulting in an increase in mortality rates. One of the most common risk factors involved in such incidents is the onset of COVID-19, wherein staff are forced to work remotely or have been introduced to new work systems potentially open to zero-day vulnerabilities.
Staffing challenges and an increased need for patient care requirements also contributed to the exposure of the healthcare sector to cyberattacks.
