Medibase recently identified a data breach involving unauthorized access to sensitive personal and protected health information. The incident, discovered on January 26, 2024, revealed that an unauthorized third party gained access to the company’s systems. Medibase began notifying affected individuals on July 5, 2024, about the potential exposure of their personal details, which includes names, Social Security numbers, dates of birth, medical records, and health insurance information.
The breach impacted 35,106 patients across healthcare provider clients using Medibase’s services. Although the attack was confined to Medibase’s system and did not affect client systems, it involved a significant amount of protected healthcare information. The company took immediate action to address the breach by engaging a leading security and forensics firm to investigate and contain the incident.
The review of compromised data confirmed that it contained comprehensive personal and medical details, though Medibase believes the primary target was company data rather than patient data. Despite the potential for data theft, the company has informed affected clients and individuals and is providing them with complimentary credit monitoring and identity theft protection services.
Medibase is committed to enhancing its cybersecurity measures to prevent future breaches. The company plans to implement continuous monitoring and provide ongoing staff training to strengthen its defenses against potential cyber threats and ensure the security of sensitive information.