HealthSecure Inc.

In July 2023, HealthSecure Inc., a leading provider of digital health security solutions, fell victim to a sophisticated ransomware attack. The cybercriminals behind the attack exploited a known, but unpatched, vulnerability in the company's file transfer software to gain unauthorized access to the network. The attack resulted in the encryption of critical patient data and operational software, severely disrupting services. The attackers demanded a ransom for the decryption keys. HealthSecure's decision not to pay the ransom, based on their data recovery strategies, led to significant delays in restoring systems. Consequently, patient care services were delayed, and sensitive health records of over 10,000 patients were presumed compromised. This data included personal identifiable information, medical history, and current treatment plans, posing a substantial risk to patient privacy and company credibility.

Source: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf

"id": "hea517050424",
"linkid": "healthsecure-inc",
"type": "Breach",
"date": "07/2023",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"