CentroMed suffers data security incident, 400K patients exposed


The San Antonio-based primary care clinic CentroMed has suffered a data security incident, revealing the personally identifiable information (PII) of approximately 400,000 patients.

On May 1st, 2024, CentroMed became aware of unusual activity taking place in its IT network.

The care clinic learned that malicious actors had gained access to its IT network around April 30th, 2024.

CentroMed discovered that the unauthorized individual had accessed and obtained files that contained the personal information of current and former patients.

The PII information involved includes:

  • Names
  • Addresses
  • Dates of birth
  • Social Security numbers
  • Financial account information
  • Medical record numbers
  • Health insurance information
  • Diagnosis and treatment information
  • Claims data

According to information that CentroMed submitted to the US Department of Health and Human Services (HHS), the attack exposed 400,000 individuals.

Individual healthcare data can be sold for hundreds of dollars on dark web forums. Malicious actors can use medical details for medical identity theft, a type of fraud where threat actors use stolen information to submit forged claims to Medicare and other health insurers.

Meanwhile, other personally identifiable information (PII) may be used to commit fraud, from identity theft and phishing attacks to opening new credit accounts, making unauthorized purchases, or obtaining loans under false pretenses.

CentroMed urges former and current patients involved in the incident to review their statements received from healthcare providers and contact the relevant provider immediately if they notice unusual activity.

“We also encourage patients and others to remain vigilant to the possibility of fraud by reviewing their financial account statements for any suspicious activity,” CentroMed said.

CentroMed is a primary care clinic that provides “accessible services” to its network of 23 clinic sites.

The healthcare provider has been the victim of this type of data incident before. In August 2023, CentroMed experienced a data breach that exposed roughly 300,000 people.

Similar personal information, including names, dates of birth, addresses, Social Security numbers, medical records, and other personal information – including financial account information – was exposed.

The attack was claimed by Karakurt threat actors back in June 2023. However, the group didn’t leak the almost 42GB of files they claimed to have obtained, according to DataBreaches.net.