Independent Living Systems LLC, a Florida-based healthcare and managed care solutions provider, has suffered a data breach with the records of some 4.2 million individuals potentially stolen.
In a statement, the company said it experienced an “incident involving the inaccessibility of certain computer systems on its network” on July 5. ILS subsequently hired outside cybersecurity specialists and launched an investigation, which found that an unauthorized actor obtained access to certain systems between June 30 and July 5, 2022.
A full review of the incident was delivered to the company on January 17, which also found that the unauthorized attack may have accessed personally identifiable and protected health information. Data that may have been stolen includes names, addresses, dates of birth, driver’s license information, Social Security numbers, financial account information and medical information, including Medicare and Medicaid identification and medical records.
ILS claims it notified potentially affected individuals on Sept. 2 by posting preliminary information on its website but seemingly did not contact them directly. Only now, eight months after the hack is the company now contacting those affected directly.
The form of attack was not disclosed, but the type could be implied in the company’s words – an “incident involving the inaccessibility of certain computer systems” sounds like a typical ransomware attack.
“It is unknown if the attack on Independent Living Systems was ransomware, but information including names, addresses, and social security numbers of over four million people was accessed during the attack,” Stephan Chenette, co-founder and chief technology officer at cybersecurity readiness company AttackIQ Inc. told SiliconANGLE.
“To prevent similar attacks, healthcare organizations, as well as any third-party companies utilized, must study the common tactics, techniques and procedures used by common threat actors, which will help them build more resilient security detection, prevention and response programs mapped specifically to those known behaviors,” Chenetted added. “Additionally, organizations should use automated solutions that safely validate their defensive controls against ransomware campaigns and their techniques to better prepare for the next threat.”