Independent Living Systems (ILS), is a Miami-based healthcare administration and managed care solutions provider. They experienced a data breach that impacted the personal information of 4,226,508 individuals. This make it the largest data breach in the healthcare sector this year.

Data breach timeline

The company discovered the breach on July 5, 2022, after which they initiated an investigation. The investigation reveals that the attackers had access to ILS systems between June 30 and July 5, 2022. During which time they obtained personal information stored on the ILS network.

Personal information exposed

The breach potentially expose sensitive personal information of patients. It includes full names, Social Security numbers, taxpayer identification numbers, medical information, and health insurance information.

Impact on patients

The breach severely impacts the privacy of the affected patients. This stolen data could be used for phishing or social engineering attacks against them.

ILS’s response to data breach

ILS completed its internal review of the breach on January 17, 2023, more than six months after discovering it. The company clarified that some affected individuals received preliminary notifications on September 2, 2022.

Identity protection services offered

ILS has provided instructions for affected individuals to enroll in one year of free identity protection services by Experian to safeguard their identities from misuse.

Other healthcare data breaches this year

The healthcare sector has witnessed several data breaches in the first quarter of 2023, including multiple medical groups in California, Community Health Systems (CHS), and Cerebral.

In February 2023, several medical groups in California disclosed that a ransomware attack had exposed the data of 3.3 million patients. A few days later, healthcare giant CHS reported a data breach caused by a zero-day vulnerability in Fortra’s GoAnywhere MFT product. The vulnerability resulted in the compromise of some of CHS’s data.

On March 10, 2023, healthcare platform Cerebral sent notifications of a data breach to 3.18 million people. The breach occurred due to a misconfiguration in trackers used on the platform, which compromised patients’ privacy.

Recap on data breach

The healthcare sector continues to be a prime target for cybercriminals, and it is essential for healthcare providers to implement robust security measures to prevent data breaches and protect their patients’ personal information.