- Medusind begins notifying victims of data breach in December 2023
- The incident led to the loss of payments and personal data of 360,000 people
- Company Offers Two Free Years of Identity Theft Monitoring
Medusind, a leading medical billing company, has confirmed that it suffered a cyberattack in which hundreds of thousands of people lost sensitive data, including payment information.
In a data breach notification letter, the company said the incident occurred on December 29, 2023 and was spotted on the same day. Medusind being a healthcare revenue cycle management company provides billing support to healthcare organizations, and it is the patients of these healthcare companies who had their data seized in this attack.
A detailed investigation into the attack revealed that the threat actors stole health insurance and billing information (insurance policy numbers or claims/benefit information), payment information (card numbers debit/credit, bank account information), health data (medical history, medical information). case number, prescription information), government identifying information (social security numbers, taxpayer IDs, driver’s license, passport numbers), and other personal information (email addresses, phone numbers , dates of birth, etc.) – all of which could put victims in a difficult situation. risk of identity theft or worse.
Hundreds of thousands of victims
In a separate filing with the Maine Attorney General’s Office, Medusind confirmed that exactly 360,934 people were affected.
“The particular type of information involved depends on each individual,” he emphasizes in the letter.
There is currently no evidence of data abuse in the wild, and Medusind offers two years of free identity theft monitoring through Kroll. He also urged victims to monitor their account statements for unexpected or strange entries that could signal identity theft or fraud attempts, and to report them to authorities.
Due to the sensitivity of the data they exploit and the high cost of recovering it, healthcare establishments are among the most targeted by ransomware perpetrators. In fact, a recent analysis from Sophos found that the average cost of recovering from a ransomware attack was $2.57 million in 2024, up from $2.2 million the year before.
