Medusind reveals breach impacting 300K healthcare records

January 9, 2025
Medusind Healthcare Cyberattack Data Breach US India

The well-known medical billing company Medusind has revealed a data breach that exposed 360,934 people’s private and health information.

The breach, which occurred in December 2023, was only recently made public after the company detected suspicious activity on its network. Medusind operates across 12 locations in the United States and India, providing billing services and revenue cycle management to over 6,000 healthcare providers.

Upon discovering the incident, Medusind immediately took the affected systems offline and hired a cybersecurity forensic firm to investigate. The investigation revealed that a cybercriminal may have accessed and copied files containing personal information. The compromised data varies for each affected individual and includes health insurance and billing information, payment details, medical records, government identification numbers, and other personal data such as dates of birth, addresses, and phone numbers.

 

Medusind is providing two years of free identity monitoring services through Kroll in order to reduce possible risks.

 

Credit monitoring, fraud counselling, and identity theft recovery are all ways to help people protect their data. Additionally, the organisation advises those affected to remain vigilant by monitoring credit reports and account statements for indications of identity theft or unauthorised activity.

This breach is part of a wider trend of cyberattacks targeting the healthcare sector, which has seen a significant rise in incidents over recent years.

In response, the US Department of Health and Human Services (HHS) proposed updates to the Health Insurance Portability and Accountability Act (HIPAA) in December 2024 to improve the protection of patient data. The new rules aim to strengthen security measures by requiring healthcare organisations to encrypt protected health information, implement multifactor authentication, and segment their networks to reduce the impact of potential breaches.

Recent high-profile breaches further illustrate the urgency of such measures. Ascension, a large private healthcare system in the US, recently informed 5.6 million individuals that their data had been compromised following a ransomware attack by the Black Basta gang. Similarly, UnitedHealth reported a massive breach in early 2024 stemming from a ransomware attack on Change Healthcare, impacting over 100 million individuals.

The Medusind breach highlights the increasing cybersecurity challenges faced by healthcare providers. As cybercriminals continue to target sensitive patient data, organisations need to adopt stronger security practices to protect against evolving threats.

Those affected by the breach are urged to take advantage of the identity protection services offered and remain vigilant to minimise the risk of identity theft and fraud.

About the author

Leave a Reply