CPAP Medical Supplies and Services, a military-focused sleep therapy gear provider, has suffered a hacker attack that exposed the personal details of tens of thousands of customers.
CPAP sent a breach notification letter to numerous impacted individuals, informing them of the 2024 cyberattack. According to the letter, cybercrooks breached CPAP’s network between December 13th and December 21st of last year.
Information the company submitted to the Maine Attorney General’s Office revealed that over 90,000 individuals were impacted by the attack.
CPAP provides sleep therapy gear. The company’s website strongly emphasizes its focus on US military personnel. CPAP also accepts Tricare, a US Defense Department health program for service members.
“We commenced a prompt and thorough investigation into the incident and worked very closely with external cybersecurity professionals experienced in handling these types of situations to help determine whether any personal or sensitive data had been compromised as a result of this incident,” reads the data breach notice.
Meanwhile, the data breach notice that CPAP posted on its website indicates that attackers may have accessed customer names, Social Security numbers (SSNs), and other “identifiable protected health and personal information.”
Individuals whose data may have been stolen could experience increased levels of cybersecurity threats. For example, attackers could leverage the stolen data for identity theft. Cybercrooks could also use the details to craft phishing attacks by attempting to impersonate healthcare providers, hoping to lure additional sensitive details.
Depending on what health information was exposed, attackers could also attempt medical identity theft. Medical details are a prized possession in the cyber underworld, as they enable attackers to file fraudulent insurance claims and prescriptions for regulated drugs.
While CPAP pointed out that it has no indication that exposed details were misused, the company said it will offer affected individuals complimentary credit and identity monitoring services.
Healthcare institutions are among the most targeted. According to research from the Business Digital Index, the majority of the largest US hospitals have recently dealt with cyberattacks and data breaches. For example, in 2024, healthcare-related data breaches led to the theft of over 267 million records.
Your email address will not be published. Required fields are markedmarked