Healthcare Provider ILS Alerts 4.2 Million of Data Breach
Independent Living Systems (ILS), a Florida-based company that offers third-party healthcare administration and managed care solutions, has disclosed a data breach that exposed the personal information of over 4.2 million individuals. The number of patients affected makes it the most significant data breach in the healthcare sector disclosed this year.
Exposed information included names, addresses, social security numbers, taxpayer identification numbers, medical information, and health insurance information. Threat actors could use this information to launch phishing or social engineering attacks against affected individuals.
The company filed a data breach notice with the Maine Attorney General on March 14th, but the breach was first detected on July 5th, 2022. A subsequent investigation revealed that threat actors had accessed ILS systems between June 30th and July 5th, 2022.
The data breach notice stated that “some information stored on the ILS network was acquired by the unauthorized actor, and other information was accessible and potentially viewed.”
ILS conducted an internal investigation to identify the individuals affected by the breach, which was completed on January 17th, 2023 — just over six months after the breach originally occurred. Potentially impacted individuals received preliminary notification of the incident on September 2nd, 2022, but letters of notice to those confirmed to be affected have only just started to be sent as of March 14th.
ILS has also provided instructions for affected individuals to enroll in a one-year identity protection service offered by Experian free of charge.
This year’s first quarter has witnessed several data breach disclosures in the healthcare sector, which have involved the exposure of millions of people's sensitive medical data.
In February 2023, medical groups in California disclosed a ransomware attack that compromised the data of 3.3 million patients. A few weeks later, healthcare giant Community Health Systems also revealed that its data was compromised by a zero-day vulnerability in Fortra's GoAnywhere MFT product.