Data Breach at Virginia-Based Avosina Healthcare Impacts More Than 40,000

Virginia-based healthcare service provider Avosina Healthcare Solutions reported that a data security incident last year exposed the sensitive personal information of over 40,000 individuals.

 

Avosina Healthcare Solutions is a healthcare management services organisation and IT firm that offers revenue cycle management, medical billing, coding, and IT support to independent physician practices, helping them improve profitability and reduce administrative burdens.

 

In a data security incident notice filed with the Office of Maine Attorney General, Avosina said that on July 29, it identified unauthorised access to its internal network. The healthcare service provider immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

It also took steps to secure the affected network and notified relevant law enforcement authorities about the incident.

 

The investigation determined that the incident resulted in the unauthorised exposure of sensitive personal data, including individuals’ names, addresses, medical information, account balances, and medical procedure codes. The filing with the Maine state regulator’s office also states that Avosina has identified 42,261 individuals affected by the incident.

 

While Avosina found no evidence of the compromise data being misused, it has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and the state attorney general. 

 

It has also offered one year of complimentary identity protection and credit monitoring services through IDX to all affected individuals.

 

 

 

The notorious Qilin ransomware group claimed responsibility for the cyber attack on Avosina Healthcare Solutions, listing it as a victim on its data leak site. The group said it had obtained confidential data from the healthcare service provider including personal records, financial data, various databases and threatened to release the entire database unless its ransom demands are met.