Medical billing firm Medusind discloses breach affecting 360,000 people
Medusind, a leading billing provider for healthcare organizations, is notifying hundreds of thousands of individuals of a data breach that exposed their personal and health information more than a year ago, in December 2023.
The Miami-based company operates 12 locations across the United States and India, and it also provides revenue cycle management services to over 6,000 healthcare providers, helping them reduce operating costs and maximize revenue.
Medisund says in a data breach notification letter filed with the Office of Maine's Attorney General that it spotted the breach more than one year ago, in December 2023, after detecting suspicious activity on its network.
"Upon discovering the suspicious activity, Medusind took the affected systems offline and hired a leading cybersecurity forensic firm to conduct an investigation," according to the breach notice.
"Through this investigation, we found evidence that a cybercriminal may have obtained a copy of certain files containing your personal information."
In the Maine filing, the company revealed that the December 2023 breach affected the personal and health information of 360,934 individuals.
Documents exposed in the incident contained the following data types, although the impacted information varies by affected individual:
- health insurance and billing information (such as insurance policy numbers or claims/benefits information),
- payment information (such as debit/credit card numbers or bank account information),
- health information (such as medical history, medical record number, or prescription information),
- government identification (such as Social Security number, taxpayer ID, driver's license, or passport number),
- and other personal information (such as date of birth, email, address, or phone number).
Medusind offers those affected by this data breach two years of free Kroll identity monitoring services, including credit monitoring, fraud consultation, and identity theft restoration.
It also warned them to keep track of their account statements for signs of potential identity theft and fraud attempts and to monitor credit reports for unauthorized or suspicious activity.
These notifications come after the U.S. Department of Health and Human Services (HHS) proposed updates to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) in late December 2024 to secure patients' health data following a surge in massive healthcare security breaches and data leaks affecting hospitals and Americans in recent years.
These overhauled cybersecurity rules mandate healthcare organizations to encrypt Americans' protected health information (PHI), implement multifactor authentication wherever possible, and segment networks to make it harder for cybercriminals to move laterally through them.
Ascension, one of the largest private U.S. healthcare systems, recently alerted nearly 5.6 million people that their data was stolen in a May cyberattack claimed by the Black Basta ransomware gang.
In October, UnitedHealth confirmed the most significant healthcare breach in recent years, stemming from a February Change Healthcare ransomware attack that affected over 100 million people.
Over 4,000 backdoors hijacked by registering expired domains
Neglected Domains Used in Malspam to Evade SPF and DMARC Security Protections
CVE-2025-22224 VMware ESXi and Workstation TOCTOU Race Condition Vulnerability
CVE-2020-29574 CyberoamOS (CROS) SQL Injection Vulnerability
CVE-2025-2783 Google Chromium Mojo Sandbox Escape Vulnerability
CVE-2022-43939 Hitachi Vantara Pentaho BA Server Authorization Bypass Vulnerability
CVE-2024-49035 Microsoft Partner Center Improper Access Control Vulnerability
CVE-2022-43769 Hitachi Vantara Pentaho BA Server Special Element Injection Vulnerability
CVE-2024-40890 Zyxel DSL CPE OS Command Injection Vulnerability
CVE-2025-24983 Microsoft Windows Win32k Use-After-Free Vulnerability
CVE-2017-0148 Microsoft SMBv1 Server Remote Code Execution Vulnerability
CVE-2024-20953 Oracle Agile Product Lifecycle Management (PLM) Deserialization Vulnerability
InformationalInformation Disclosure - Suspicious Comments
InformationalRe-examine Cache-control Directives
Free online web security scanner