Independent Living Systems data breach impacts more than 4M individuals

1 year ago AndyC

US
health
services
company
Independent
Living
Systems
(ILS)
discloses
a
data
breach
that
impacted
more
than
4
million
individuals.

Independent Living Systems data breach impacts more than 4M individuals

US
health
services
company
Independent
Living
Systems
(ILS)
discloses
a
data
breach
that
impacted
more
than
4
million
individuals.

US
health
services
company

Independent
Living
Systems
(ILS)
disclosed
a
data
breach
that
exposed
personal
and
medical
information
for
more
than
4
million
individuals.

Independent
Living
Systems,
offers
a
comprehensive
range
of turnkey
payer
services
including
clinical
and
third-party
administrative
services
to
managed
care
organizations
and
providers.

ILS
provides
assistance
beyond
the
clinical
realm
at
every
stage
of
care
from
hospitalization
to
the
treatment
of
chronic
illnesses
to
personalized
care
management
including
nutritional
support.

The
company
provides
its
services
to
over
4.2
million
individuals.


“On
July
5,
2022,
we
experienced
an
incident
involving
the
inaccessibility
of
certain
computer
systems
on
our
network.
We
responded
to
the
incident
immediately
and
began
an
investigation
with
the
assistance
of
outside
cybersecurity
specialists.
Through
our
response
efforts,
we
learned
that
an
unauthorized
actor
obtained
access
to
certain
ILS
systems
between
June
30
and
July
5,
2022.”
reads
the


Notice
of
Data
breach
published
by
the
company.
“During
that
period,
some
information
stored
on
the
ILS
network
was
acquired
by
the
unauthorized
actor,
and
other
information
was
accessible
and
potentially
viewed.


Independent Living Systems

The
security
breach
was
discovered
on
July
5,
2022,
when
some
of
the
systems
at
the
company
became
inaccessible.
This
circumstance
suggests
that
the
systems
were
infected
with
ransomware.
The
company
launched
an
investigation
into
the
incident
with
the
support
of
external
cybersecurity
experts.
The
investigation
revealed
that
between
June
30
and
July
5,
threat
actors
had
access
to
certain
systems.

The
notice
of
data
breach
states
that
the
types
of
impacted
information
varies
by
individual
and
could
have
included,
name,
address,
date
of
birth,
driver’s
license,
state
identification,
Social
Security
number,
financial
account
information,
medical
record
number,
Medicare
or
Medicaid
identification,
CIN#,
mental
or
physical
treatment/condition
information,
food
delivery
information,
diagnosis
code
or
diagnosis
information,
admission/discharge
date,
prescription
information,
billing/claims
information,
patient
name,
and
health
insurance
information.

The
company
is
notifying
the
impacted
individuals
via
letters.

ILS
also
informed
the
relevant
authorities,
including
the
Maine
Attorney
General’s
office,
which


reported
that
the
data
breach
impacted 4,226,508
individuals.
The
Maine
Attorney
General’s
office
reported
that
the
data
breach
occurred
on
June
3,
2022.

The
company
offers,
for
free,
to
the
impacted
individuals
12
months,
Experian,
credit
monitoring
and
restoration
services.

Follow
me
on
Twitter:


@securityaffairs
and


Facebook
and


Mastodon



Pierluigi Paganini


(SecurityAffairs –

hacking,
Independent
Living
Systems)



About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts

More Stories

Smashing Security podcast #373: iPhone undeleted photos, and stealing Scarlett Johansson’s voice

Smashing Security podcast #373: iPhone undeleted photos, and stealing Scarlett Johansson’s voice

6 hours ago AndyC
Critical Veeam Backup Enterprise Manager auth bypass bug

Critical Veeam Backup Enterprise Manager auth bypass bug

12 hours ago AndyC
Cybercriminals are targeting elections in India with influence campaigns

Cybercriminals are targeting elections in India with influence campaigns

12 hours ago AndyC
A malware campaign exploits Microsoft Exchange Server flaws

A malware campaign exploits Microsoft Exchange Server flaws

12 hours ago AndyC
Critical GitHub Enterprise Server Auth Bypass bug. Fix it now!

Critical GitHub Enterprise Server Auth Bypass bug. Fix it now!

18 hours ago AndyC
OmniVision disclosed a data breach after the 2023 Cactus ransomware attack

OmniVision disclosed a data breach after the 2023 Cactus ransomware attack

18 hours ago AndyC

You may have missed

Optus to face ACMA-filed court case over data breach

Optus to face ACMA-filed court case over data breach

2 hours ago AndyC
Securing your identity in the clouds

Securing your identity in the clouds

2 hours ago AndyC
Il grande ritorno del cloud privato. Grazie all’IA

Il grande ritorno del cloud privato. Grazie all’IA

3 hours ago AndyC
CSO30 Awards: Introducing the top 30 security leaders in the UAE

CSO30 Awards: Introducing the top 30 security leaders in the UAE

3 hours ago AndyC
Western Sydney University hacked but no ransom demands

Western Sydney University hacked but no ransom demands

5 hours ago AndyC

Subscribe To InfoSec Today News

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

World Wide Crypto will use the information you provide on this form to be in touch with you and to provide updates and marketing.