Salusive Health Data Breach
Salusive Health, a California-based healthcare firm, announced in early May that it had been the victim of a data breach. The digital healthcare startup, also known as myNurse, specializes in providing care management, monitoring, and coaching to remote patients. The breach was first discovered on March 7th, 2022 as unauthorized access to the firm’s health data. The company began sending out breach notifications to patients believed to be affected on April 29th. The breach involved personally identifiable information (PII) such as names, contact information, gender, and birth dates. Medical information such as lab test results, prescriptions, diagnoses and treatments, plus health insurance details like medical account numbers, claims, policy and group plan numbers, was also accessed. To date, there is no evidence that anything was done with the compromised information. It is not yet known how many patients were affected by the breach.
IDENTIFY INDICATORS OF COMPROMISE (IOC)
While Salusive Health has not provided any details about the breach, a spokesperson said that the company identified unauthorized activity within its computer network back on March 7th, 2022.
CONTAINMENT (If IoCs are identified)
The company states that it took immediate action once the incident was discovered. This included the implementation of a containment strategy that managed to terminate the unauthorized activity. An outside cybersecurity firm was brought in to assist in securing the network and begin mitigation and restoration efforts. The incident was reported to the FBI. The company also contacted the California Attorney General’s Office to comply with the California Consumer Protection Act (CCPA). Affected patients were invited to enroll in a program that provides 24 months of credit and CyberScan monitoring as well as a $1 million insurance reimbursement policy.
COMPANY CLOSES ITS DOORS
In addition to the breach notification, Salusive Health also alerted patients that it was ceasing clinical operations effective May 31st, 2022. Patients are encouraged to notify their primary physicians to transition their remote care back to a local clinic. The company’s CEO said that the decision to shut its doors was unrelated to the breach and was instead made to help company leadership adjust its business model in response to a changing healthcare landscape.
It is important that businesses adhere to the principle of least privilege (PoLP) regarding their sensitive and proprietary data. Users should only have access to the data and resources they need to perform their job duties. This policy should also apply to high-level IT admins and company executives, as the compromise of a single account can give an attacker unbridled access. Multifactor authentication (MFA) should be used not only for email access but for basic server access as well. All database resources should be partitioned from the production network using a solution such as a next-generation firewall or micro-segmentation that restricts traffic to only the allowed types between known IP addresses, ports and protocols. Filters should also be implemented to analyze incoming traffic and scrub it of malicious or suspicious code.
HALOCK Breach Bulletins
Recent data breaches to understand common threats and attacks that may impact you – featuring description, indicators of compromise (IoC), containment, and prevention.