Medical billing provider Gryphon says cyber attack compromised the data of close to 400,000 patients

Houston, Texas-based healthcare billing services provider Gryphon Healthcare said that the data security incident it suffered earlier this year compromised the sensitive personal information of almost 400,000 individuals.

 

In a data security incident notice filed with the Office of Maine Attorney General, Gryphon said that on August 13, it became aware of a data security incident affecting a client company to whom it offered medical billing services. This, in turn, enabled threat actors to illegally access certain personal and protected health information maintained by Gryphon.

 

“As a result of this third-party security incident, an unauthorised actor may have accessed certain files and data containing information relative to patients for whom Gryphon provides medical billing services. 

 

“Gryphon then launched a comprehensive review of all potentially affected files to confirm the individuals and information involved which concluded on September 3, 2024,” reads the notice.

 

The investigation revealed that sensitive personal information of Gryphon’s patients, including their names, dates of birth, addresses, Social Security numbers, dates of service, diagnosis information, health insurance information, medical treatment information, prescription information, provider information and medical record numbers were compromised during the incident.

 

Gryphon’s filing with the Maine state regulator also revealed that at least 393,358 individuals were impacted by the data security incident.

 

“As soon as Gryphon discovered this incident, Gryphon took the steps and implemented measures to enhance security and minimize the risk of a similar incident occurring in the future,” the billing provider said.

 

It added that it found no evidence of the compromised information being misused, but has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and state attorney general.

 

Gryphon has also offered one year of complimentary identity protection and credit monitoring services through IDX to all affected individuals.