Continuum Health Alliance data breach impacted over 375,000 patients
News28 Aug 2024
Continuum Health Alliance, a Marlton, New Jersey-based managed services provider to the healthcare sector, said it experienced a data security incident in October 2023 that compromised the sensitive personal information of more than 375,000 individuals.
Founded in 1998, Continuum Health Alliance, LLC, now known as Consensus Health, provides information technology, revenue cycle management, administration and financial service solutions to hospital-based and independent physician groups.
Founded in 1998, Continuum Health Alliance, LLC, now known as Consensus Health, provides information technology, revenue cycle management, administration and financial service solutions to hospital-based and independent physician groups.
The group is composed of about 150 New Jersey-based independent primary care providers, specialty doctors, and nearly 50 practices operating in 17 out of New Jersey’s 20 counties.
In a filing with the Office of Maine Attorney General on August 21, the healthcare services company said that on October 19, 2023, it identified suspicious activity in its internal network and immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.
“The investigation determined that an unauthorised actor gained access to certain systems in our network between October 18, 2023 and October 19, 2023, and accessed or acquired certain files stored on those systems during this time,” Consensus said.
“We identified the affected files and conducted a comprehensive review of the files in order to identify the type of information contained therein, and to whom the information relates. On August 14, 2024, this extensive review was completed,” it added.
According to the company’s filing, the compromised data included names, health insurance information and medical information. The filing with the Maine state regulator also revealed that at least 377,119 individuals were impacted by the incident.
“Upon becoming aware of this incident, we immediately took steps to secure our systems and performed a full investigation. We have implemented additional security measures to further protect against similar incidents moving forward. Federal law enforcement is aware of this incident, and we also notified applicable regulators as required, including the U.S. Department of Health and Human Services,” Consensus added.
While the healthcare services provider found no evidence of the compromised information being misused, it advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and state attorney general.
It has also offered one year of complimentary identity protection and credit monitoring services through TransUnion to all affected individuals.
In a filing with the Office of Maine Attorney General on August 21, the healthcare services company said that on October 19, 2023, it identified suspicious activity in its internal network and immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.
“The investigation determined that an unauthorised actor gained access to certain systems in our network between October 18, 2023 and October 19, 2023, and accessed or acquired certain files stored on those systems during this time,” Consensus said.
“We identified the affected files and conducted a comprehensive review of the files in order to identify the type of information contained therein, and to whom the information relates. On August 14, 2024, this extensive review was completed,” it added.
According to the company’s filing, the compromised data included names, health insurance information and medical information. The filing with the Maine state regulator also revealed that at least 377,119 individuals were impacted by the incident.
“Upon becoming aware of this incident, we immediately took steps to secure our systems and performed a full investigation. We have implemented additional security measures to further protect against similar incidents moving forward. Federal law enforcement is aware of this incident, and we also notified applicable regulators as required, including the U.S. Department of Health and Human Services,” Consensus added.
While the healthcare services provider found no evidence of the compromised information being misused, it advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and state attorney general.
It has also offered one year of complimentary identity protection and credit monitoring services through TransUnion to all affected individuals.
Related Articles
Most Viewed
The Expert View: AI and LLMs from a Cyber Security PerspectiveSponsored by Withsecure
The Expert View: Proactive Threat IntelligenceSponsored by Rapid7
The Expert View: Building a cyber-resilient organisationSponsored by BT & Zscaler
The Expert View: IT Visibility - the gift that keeps on givingSponsored by Tanium
Winston House, 3rd Floor, Units 306-309, 2-4 Dollis Park, London, N3 1HF
23-29 Hendon Lane, London, N3 1RT
020 8349 4363
© 2024, Lyonsdown Limited. teiss® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543
We use cookies so we can provide you with the best online experience. By continuing to browse this site you are agreeing to our use of cookies. Click on the banner to find out more.