US healthcare company Fairfax has disclosed a data breach that may have exposed the medical records of up to nearly a quarter of a million patients.
The Virginia-based facial and dental specialist said it had concluded an investigation last month which established that a threat actor infiltrated its systems in May.
It shared its findings with the attorney general in Maine, which imposes strict reporting requirements on firms suffering cyberattacks that affect its residents.
In this case, less than 50 Maine residents were affected, but the total number of victims nationwide is 235,931 – with exposed data including names, driver’s license and Social Security numbers, and health insurance and medical history details.
Such information is often illegally monetized by cybercriminals who can use it to leverage other crimes such as online fraud and identity theft.
Fairfax, which operates half a dozen surgeries across northern Virginia, is claiming that there is no evidence that any of the exposed data has been used for such purposes, although it tacitly admits that clients may have been put at risk. This is presumably because infiltrators could have copied exposed files without otherwise tampering with them.
“The investigation did not find evidence that any files were acquired from Fairfax’s network during the incident, and Fairfax is not aware of any instances of anyone’s personal information having been misused,” it said. “Nevertheless, Fairfax is notifying individuals whose personal information was contained on the encrypted systems.”
The company has offered a year’s free identity protection services by way of compensattion to affected customers.
“We have taken steps to reduce the risk of this type of incident occurring in the future, including enhancing our technical security measures,” it added.
More from Cybernews:
Subscribe to our newsletter