Columbus Regional Healthcare, a US emergency healthcare provider based in North Carolina, has confirmed suspicions of a data breach that occurred last May.
The breach report filed with the attorney general in Maine indicates that more than 132,000 people were affected, with patient names and Social Security numbers exposed due to unauthorized access to the non-profit healthcare provider’s computer network between May 19th and 21st.
Despite reports circulating as early as June, Columbus only acknowledged the breach and its extent in December. The Daixin ransomware gang claimed responsibility for the attack, threatening to publish stolen data after Columbus allegedly failed to meet a $2 million payment demand.
While Columbus did not confirm these details, the breach has prompted an apology to residents of Maine, a state with strict reporting requirements for cyberattacks affecting its residents.
In the letter, Columbus expressed that it is not aware of any reports of identity fraud or improper use of affected individuals’ information directly resulting from the incident.
Reference:
