Medusind Inc., a medical and dental billing and software company, experienced a data breach on or about December 29, 2023, resulting in unauthorized access to highly sensitive personal and protected health information. The compromised data included names, addresses, emails, phone numbers, insurance and billing details, payment records, medical histories, and government-issued identification numbers (e.g., Social Security numbers). The breach exposed individuals to risks of identity theft, financial fraud, and medical fraud, prompting a $5 million class-action settlement. Affected individuals primarily U.S. residents notified of the incident can claim up to $5,000 for documented losses (e.g., fraud expenses, credit-freeze costs) or an estimated $100 alternate cash payment, with additional $100 for California residents under state laws. The settlement also offers two years of free credit monitoring. The breach underscored Medusind’s alleged failure to implement adequate cybersecurity safeguards, though the company denied liability. The incident highlights severe reputational damage, financial penalties, and long-term trust erosion among patients and healthcare partners.
Source: https://www.claimdepot.com/settlements/medusind-data-incident-settlement
TPRM report: https://www.rankiteo.com/company/medusind
"id": "med1803218092025",
"linkid": "medusind",
"type": "Breach",
"date": "12/2023",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': 'Individuals who received breach '
'notices (exact number '
'unspecified)',
'industry': 'Healthcare',
'location': 'United States',
'name': 'Medusind Inc.',
'type': 'Medical and Dental Billing/Software Company'}],
'customer_advisories': ['Eligibility for up to $5,000 in documented losses or '
'$100 alternate cash payment',
'Two years of free credit monitoring for all class '
'members',
'Additional $100 payment for California residents (as '
'of Dec. 29, 2023)'],
'data_breach': {'data_exfiltration': 'Likely (unauthorized access confirmed)',
'personally_identifiable_information': ['Names',
'Addresses',
'Emails',
'Phone numbers',
'Government '
'identification '
'numbers'],
'sensitivity_of_data': 'High (includes medical records and '
'government IDs)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Protected Health Information '
'(PHI)',
'Financial Data']},
'date_detected': '2023-12-29',
'description': 'Medusind Inc., a medical and dental billing and software '
'company, experienced a data breach on or about December 29, '
'2023, resulting in unauthorized access to sensitive personal '
'and health information. The breach exposed names, addresses, '
'emails, phone numbers, insurance and billing data, payment '
'details, medical records, and government identification '
'numbers. A $5 million class action settlement was agreed upon '
'to resolve claims related to the incident.',
'impact': {'brand_reputation_impact': 'Significant (settlement and public '
'disclosure)',
'customer_complaints': 'Class action lawsuit filed',
'data_compromised': ['Names',
'Addresses',
'Emails',
'Phone numbers',
'Insurance and billing data',
'Payment details',
'Medical records',
'Government identification numbers'],
'financial_loss': {'attorneys_fees': 'Up to $1,666,667',
'claimant_payouts': 'Remaining funds after '
'costs',
'credit_monitoring_costs': 'To be determined '
'(based on claims)',
'settlement_fund': '$5,000,000'},
'identity_theft_risk': 'High (PII and PHI exposed)',
'legal_liabilities': '$5,000,000 settlement',
'payment_information_risk': 'High (payment details exposed)'},
'investigation_status': 'Settled (class action lawsuit resolved)',
'post_incident_analysis': {'corrective_actions': ['$5,000,000 settlement fund '
'for affected individuals',
'Credit monitoring services '
'offered'],
'root_causes': 'Alleged failure to adequately '
'protect private and health '
'information'},
'references': [{'source': 'Class Action Settlement Notice'},
{'source': 'Settlement Administrator (Medusind Data '
'Incident)'}],
'regulatory_compliance': {'legal_actions': ['Class action lawsuit settled for '
'$5,000,000',
'Allegations of inadequate data '
'protection']},
'response': {'communication_strategy': ['Breach notices sent to affected '
'individuals',
'Class action settlement '
'communication (claim forms, '
'deadlines, payout options)']},
'stakeholder_advisories': ['Breach notices to affected individuals',
'Settlement claim forms and instructions'],
'title': 'Medusind Inc. Data Breach (December 2023)',
'type': ['Data Breach', 'Unauthorized Access']}