A healthcare provider in the US has disclosed a data breach that may have exposed the sensitive data of tens of thousands of people.
Robeson Health Care Corporation made two separate disclosures, the most recent being on November 27th, in which it stated that it had detected malware in its computer systems back in February of this year.
Having completed an investigation on or around October 9th, Robeson says it has reason to believe that more than 60,000 people could have been affected.
In terms of the extent of the severity of the breach, the North Carolina-based healthcare firm issued mixed messages.
In a letter sent to affected US citizens, Robeson said it “has no indication that our electronic medical records databases were accessed without authorization.”
But then it added: “We concluded a review of former patient information and confirmed that some of your sensitive personal information could have been viewed or taken during the period of unauthorized access.”
It adds that the compromised data could have included names and “other personal identifiers” such as Social Security numbers. It’s not known whether all potential victims were patients or if other persons, such as employees and third-party contractors, may also have been affected.
The two disclosures by Robeson, the first of which came in April after it concluded a preliminary investigation the month before, were made to the Attorney General in Maine, which imposes strict reporting requirements for any cyberattacks that affect its residents.
Robeson has offered the affected parties a year’s worth of free identity theft protection services, and following the investigation, it reset passwords and enabled multi-factor authentication for all its system users.
More from Cybernews:
Subscribe to our newsletter