Next Step Healthcare Confirmed MA & NH Data Breach of PHI and PI
Next Step Healthcare in Massachusetts over the weekend confirmed it notified thousands of patients of a June 2024 data breach that compromised SSNs, medical records, financial account details, drivers’ licenses, and credit and debit card numbers.
So far, 10,041 residents in Massachusetts and 1,697 in New Hampshire are known to be compromised.
In a blog post reporting this news, Paul Bischoff, Consumer Privacy Advocate at Comparitech, wrote:
“Comparitech researchers logged 162 confirmed ransomware attacks on US hospitals, clinics, and other direct care providers in 2024, compromising 27.2 million records. Another 125 claims remain unconfirmed. In 2025 so far, we recorded 26 confirmed attacks affecting 1.8 million records, plus 90 unconfirmed attacks. On average, it takes hospitals and other healthcare businesses 3.7 months to notify victims of a data breach.”
“Ransomware attacks on US hospitals, clinics, and other care providers can cripple key systems and endanger the health, privacy, and security of patients. Hospitals must pay a ransom or face extended downtime, data loss, and putting patients and staff at increased risk of fraud. Hospitals and clinics might have to resort to pen and paper, cancel appointments, and divert patients elsewhere until systems are restored.”
“Elderly people are at a higher risk of identity theft. The data breached in the attack on Next Step could lead to financial exploitation of victims. More than 6 in 100 elderly people in the United States have been victims of elder fraud.”
Health care, as frequent readers of this blog will know, is a prime target for threat actors. This sector is not as well resourced to defend itself from a cyberattack, so a threat actor can really go to town on most organizations in this sector. Rapid change is required to address this, as the status quo isn’t acceptable.
This entry was posted on June 2, 2025 at 11:36 am and is filed under Commentary with tags Hacked.