[BreachExchange] Affordacare data breach worse than company first thought

Destry Winant destry at riskbasedsecurity.com
Mon Apr 6 10:20:03 EDT 2020


Hackers who conducted a ransomware attack against servers operated by
Affordacare Urgent Care Clinics may have had access to more data than
initially reported, Affordacare revealed in a news release Thursday.

Affordacare — which operates two locations in Abilene and as well as
clinics in Big Spring, Early, Stephenville and Wichita Falls — said in
a Tuesday release that the data breach had been limited.

"Affordacare has learned the breach also may have affected Social
Security numbers, diagnosis codes, relevant medical history and other
health care information in addition to what was previously reported,"
the new release said.

This is in addition to the types of data previously revealed to have
been compromised, which included "patient name, address, telephone
number, date of birth, age, date of visit, location of visit, reason
for visit, insurance plan provider, insurance plan policy number,
insurance group number, treatment codes and descriptions, and brief
comments from the health care provider," the previous release said.

The new release states that affected patients have been offered credit
and cybersecurity monitoring, a $1 million insurance reimbursement
policy and identity theft recovery services, with further information
provided in letters to those who were affected.

More information about the BreachExchange mailing list