Conifer Revenue Cycle Solutions, LLC (“we” or “Conifer”), a provider of revenue cycle management and other administrative services to healthcare providers, suffered a cybersecurity incident that affected its users' personal information.
An unauthorized third party gained access to a Microsoft Office 365-hosted business email account and compromised certain information.
The exposed information involved information to identify the individual (such as full name, date of birth, and address); (2) Social Security number, driver’s license/state ID number, and/or financial account information; (3) medical and/or treatment information (such as medical record number, dates of service, provider and facility, diagnosis or symptom information, and prescription/medication); (4) health insurance information (such as payor name and subscriber/Medicare/Medicaid number); and (5) billing and claims information.
However, upon revelation, the email account was separate from Conifer’s internal network and systems, and those who were affected were notified.
Source: https://response.idx.us/crcs-information-texas/
TPRM report: https://scoringcyber.rankiteo.com/company/conifer-health-solutions
"id": "con23171122",
"linkid": "conifer-health-solutions",
"type": "Breach",
"date": "08/2022",
"severity": "80",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Healthcare',
'name': 'Conifer Revenue Cycle Solutions, LLC',
'type': 'Company'}],
'attack_vector': 'Email Account Compromise',
'data_breach': {'personally_identifiable_information': ['Full Name',
'Date of Birth',
'Address',
'Social Security '
'Number',
"Driver's "
'License/State ID '
'Number',
'Medical Record '
'Number',
'Dates of Service',
'Provider and '
'Facility',
'Diagnosis or Symptom '
'Information',
'Prescription/Medication'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personal Information',
'Social Security Numbers',
"Driver's License/State ID "
'Numbers',
'Financial Account Information',
'Medical Information',
'Health Insurance Information',
'Billing and Claims '
'Information']},
'description': 'Conifer Revenue Cycle Solutions, LLC, a provider of revenue '
'cycle management and other administrative services to '
'healthcare providers, suffered a cybersecurity incident that '
"affected its users' personal information. An unauthorized "
'third party gained access to a Microsoft Office 365-hosted '
'business email account and compromised certain information.',
'impact': {'data_compromised': ['Personal Information',
'Social Security Numbers',
"Driver's License/State ID Numbers",
'Financial Account Information',
'Medical Information',
'Health Insurance Information',
'Billing and Claims Information'],
'systems_affected': ['Microsoft Office 365-hosted Business Email '
'Account']},
'initial_access_broker': {'entry_point': 'Microsoft Office 365-hosted '
'Business Email Account'},
'threat_actor': 'Unauthorized Third Party',
'title': 'Conifer Revenue Cycle Solutions Data Breach',
'type': 'Data Breach',
'vulnerability_exploited': 'Unauthorized Access to Email Account'}