SuperCare Health, a California based healthcare firm that deals with patients suffering from respiratory ailments, has posted a data breach notice on its website. And the notice says that a security incident hit the company on July 27th, 2021 when hackers fraudulently accessed its system for 5 complete days, i.e. from July 23rd to July 27th last year.
After making several data audits, the company concluded on February 4th this year; the hackers accessed sensitive patient info such as medical record numbers, names, DoBs, addresses, hospital or medical group info, patient account number, health related details and claims data, social security numbers, driving license details.
SuperCare started notifying all the affected individuals since March 25th this year and posted on the website that it has taken all additional cybersecurity measures to protect the digital data of its patients in the future. The incident was also reported to the Federal Bureau of Investigation as per the latest federal rule of incident sharing and response procedure.
Currently, there is no evidence that the stolen details were used/being used in any of the identity theft campaigns. But what if the criminals use the details after going through a pause over usage hibernation?
After stealing the details, such criminals often sell the information on the dark web to make quick money. And those who purchase such info will start using the details in their phishing campaigns (In case of email address steal), brute force attacks (In password steal) and identity theft (In case of personal data steal).
Ā
