Medical billing firm Medusind says 2023 cyber attack impacted over 360,000 people

Miami, Florida-based medical billing firm, Medusind, said that the data security incident it suffered in December 2023 compromised the sensitive personal information of more than 360,000 individuals.

 

Medusind is a multinational healthcare service provider that offers medical billing and coding services. The company also provides revenue cycle management, practice management software, and dental billing and coding services.

 

In a data breach notice filed with the Office of Maine Attorney General, Medusind said that on  December 29, 2023, it identified suspicious activity in its internal network.

 

The company immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident. It also took the affected systems offline and notified relevant law enforcement authorities about the incident.

 

“Through this investigation, we found evidence that a cybercriminal may have obtained a copy of certain files containing your personal information,” the company said in a letter addressed to affected consumers.

 

The compromised data included names, dates of birth, email addresses, addresses, phone numbers, Social Security numbers, taxpayer IDs, driver’s license and passport numbers.

 

Medusind said the stolen data also included patients’ health insurance and billing information, including insurance policy numbers or claims/benefits information, debit & credit card numbers, bank account information, medical history, medical record numbers, and prescription information.

 

The medical billing firm’s filing with the state Attorney General also revealed that at least 360,934 individuals were impacted by the incident. The company says it has implemented enhanced security measures to avoid similar incidents in the future.

 

The healthcare service provider has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and state attorney general. It has also offered two years of complimentary identity protection and credit monitoring services through Kroll to all affected individuals.