Gryphon Healthcare Pwned… 400,000 People Affected

Houston-based healthcare billing services provider Gryphon Healthcare has disclosed that a cyberattack may have compromised the personal and medical information of up to 393,358 individuals. 

Gryphon detected the incident on August 13, confirmed unauthorized access began on July 6, and began notifying those affected on Friday.

Gryphon provided medical billing services for hospitals, emergency departments and EMS providers, imaging centers, independent labs, healthcare facilities, ambulatory surgery centers, and private practices. Potentially exposed data includes names, DOBs, addresses, SSNs, medical diagnoses, treatment details, insurance information, prescriptions, and medical record numbers.

Approov CEO Ted Miracco offers this perspective:

  “This Gryphon Healthcare incident highlights the urgent need for faster detection and response to cyberattacks, especially in sectors like healthcare, where sensitive data is involved. In this case, the initial breach occurred in early July, yet those affected were only informed in October. Such delays are unacceptable as they allow attackers months to exploit the stolen data—names, social security numbers, medical histories, and more. During this time, personal and medical identities can be sold or used for malicious purposes, leading to irreparable damage to the victims.

  “Healthcare data is extremely sensitive, making it crucial to have a proactive approach with real-time monitoring, rapid breach detection, and immediate response mechanisms. Relying on post-attack credit monitoring and dark web surveillance, as Gryphon appears to have done, is simply not enough. Companies need to ensure robust protection through enhanced cybersecurity frameworks, as seen in technologies like runtime app attestation, to minimize attack windows. Importantly, cyber insurance should not be the default solution for poor response times, as it shifts responsibility from preventative measures to post-incident compensation, leaving patients vulnerable.”

Once again, the healthcare sector is the target of threat actors, and that's because healthcare continues to be low-hanging fruit for them. This needs to change, or stories like these, along with the downstream effects of every one of these incidents, will continue to be news for all the wrong reasons.
