Keystone Health breach exposed health details of 235k people

Keystone Health says hackers accessed files containing sensitive patient information such as Social Security numbers.

Pennsylvania-based healthcare service provider Keystone Health suffered a major data breach exposing the protected health information (PHI) of close to a quarter of a million people.

According to Keystone, the organization suffered from a cybersecurity incident that it noticed on August 19 when it interfered with Keystone’s IT systems. Subsequent investigation revealed threat actors were lurking in the organization’s systems for three weeks.

“Our investigation found that an unauthorized party accessed files within our system between July 28, 2022 and August 19, 2022. Some of those files contained patient information, including names, Social Security numbers, and clinical information,” Keystone said in a statement.

Last week the organization notified the US Department of Health and Human Services Office for Civil Rights about the incident, estimating that the breach impacted over 235,000 people.

Keystone Health primarily serves Franklin County in the state of Pennsylvania. The organization provides various services to its customers, ranging from dental care to pharmaceuticals. Keystone generates around $35m in yearly revenue.

The organization is the latest addition to the list of healthcare providers targeted by hackers. In early October, CommonSpirit Health, the second-largest non-profit hospital chain in the US, reported an IT security issue impacting its facilities.

Threat actors often target hospitals since most healthcare organizations have scant cybersecurity budgets and are extremely sensitive to downtime. Hospitals also store extremely sensitive data, making it valuable in the hands of threat actors.

A recent survey showed that two-thirds of healthcare organizations were hit by a ransomware attack last year. The number of affected organizations in the field doubled from 34% in 2020 to 66% last year.

The survey indicates that ransomware attacks against healthcare have become so frequent that some insurers either refuse to take in hospitals or leave the market altogether.

More from Cybernews:

Online child abuse and 3D firearms are major police concerns

Blockchain voting system to be trialed in Greenland

Germany’s cyber chief sacked over Kremlin ties

SpaceX spending millions on cyberwar defense, Musk says

Subscribe to our newsletter

Leave a Reply

Your email address will not be published. Required fields are markedmarked