Affected individuals are being offered complimentary credit monitoring and medical identity protection through CyEx Medical Shield Complete for 12-24 months, depending on state residency requirements (pursuant to state data breach notification laws, including CCPA and CMIA regulations). Security experts recommend immediate protective measures, including credit freezes with all three major credit bureaus (TransUnion, Experian, Equifax), establishing fraud alerts, and monitoring EOB statements for unexpected medical claims that could indicate medical identity theft. The breach, discovered in October 2024, resulted in unauthorized access to sensitive personal and health information, marking one of the significant healthcare data exposures of the fiscal year 2025. More concerning is the exposure of protected health information (PHI) under HIPAA regulations, including medical diagnoses (ICD-10 codes), treatment details (CPT codes), lab results, and treatment locations. Additionally, certain financial data was compromised, potentially exposing payment card information (PCI), banking details, including routing numbers, and health insurance identifiers such as member/group ID credentials. This breach follows a troubling pattern of healthcare sector targeting, reminiscent of the 2021 Planned Parenthood Los Angeles ransomware attack that exposed approximately 400,000 patient records and resulted in subsequent class-action litigation. The security incident specifically impacts patients who received services at Planned Parenthood centers partnered with LSC for laboratory testing.
This Cyber News was published on cybersecuritynews.com. Publication date: Fri, 11 Apr 2025 14:50:17 +0000