Pierluigi Paganini
March 22, 2023
US health services company Independent Living Systems (ILS) disclosed a data breach that exposed personal and medical information for more than 4 million individuals.
Independent Living Systems, offers a comprehensive range of turnkey payer services including clinical and third-party administrative services to managed care organizations and providers.
ILS provides assistance beyond the clinical realm at every stage of care from hospitalization to the treatment of chronic illnesses to personalized care management including nutritional support.
The company provides its services to over 4.2 million individuals.
“On July 5, 2022, we experienced an incident involving the inaccessibility of certain computer systems on our network. We responded to the incident immediately and began an investigation with the assistance of outside cybersecurity specialists. Through our response efforts, we learned that an unauthorized actor obtained access to certain ILS systems between June 30 and July 5, 2022.” reads the Notice of Data breach published by the company. “During that period, some information stored on the ILS network was acquired by the unauthorized actor, and other information was accessible and potentially viewed.“
The security breach was discovered on July 5, 2022, when some of the systems at the company became inaccessible. This circumstance suggests that the systems were infected with ransomware. The company launched an investigation into the incident with the support of external cybersecurity experts. The investigation revealed that between June 30 and July 5, threat actors had access to certain systems.
The notice of data breach states that the types of impacted information varies by individual and could have included, name, address, date of birth, driver’s license, state identification, Social Security number, financial account information, medical record number, Medicare or Medicaid identification, CIN#, mental or physical treatment/condition information, food delivery information, diagnosis code or diagnosis information, admission/discharge date, prescription information, billing/claims information, patient name, and health insurance information.
The company is notifying the impacted individuals via letters.
ILS also informed the relevant authorities, including the Maine Attorney General’s office, which reported that the data breach impacted 4,226,508 individuals. The Maine Attorney General’s office reported that the data breach occurred on June 3, 2022.
The company offers, for free, to the impacted individuals 12 months, Experian, credit monitoring and restoration services.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Independent Living Systems)
