ALPHV BlackCat Data Breach: Premise Health, Others Targeted


In the relentless onslaught of cyber threats, health organizations find themselves ensnared in a web of vulnerability, with the recent ALPHV BlackCat data breach spree casting a shadow over the industry. Premier health management platform Premise Health and digital lending platform MeridianLink are the latest casualties, exposing the sensitive information of millions of customers and employees.

This article provides a detailed exploration of these breaches, shedding light on the Truepill data breach fallout and the resilience demonstrated by dental supplier giant Henry Schein Inc. in the face of a cyberattack.

ALPHV BlackCat Data Breaches

The health management platform Premise Health faced an alleged breach by the hacker group ALPHV BlackCat, which claimed to have exfiltrated a staggering 187 GB of customers’ and employees’ personally identifiable information (PII).

Adding to the growing list of security incidents, MeridianLink, a digital lending platform for banks and credit unions, also reported ALPHV BlackCat data breach. The extent of the MeridianLink data breach and the specific data compromised remain undisclosed at this time. The ALPHV BlackCat data breaches further highlight the vulnerability of critical financial systems to cyber threats, with potential repercussions for both financial institutions and their clients.

ALPHV BlackCat Data Breach: Premise Health, Others Targeted

Truepill Data Breach Fallout

However, these are not isolated cases. Truepill, a pharmacy provider, reported a data breach affecting 2.3 million customers. Postmeds, operating as Truepill, revealed that threat actors gained unauthorized access to sensitive personal information, including full names, medication types, demographic details, and the names of prescribing physicians. While Social Security numbers were not compromised, the exposed data poses a significant risk for potential phishing and social engineering attacks.

The discovery of unauthorized network access on August 31, 2023, raises concerns about the delayed notification to affected individuals, with the Truepill data breach having occurred a day before. Some recipients of the Truepill data breach notifications expressed confusion, claiming they had no previous association with the company.

The far-reaching consequences of the Truepill data breach have prompted the initiation of multiple class action lawsuits across the country. Plaintiffs argue that better security measures, such as encrypting sensitive healthcare information stored on servers, could have prevented the breaches and mitigated their impact. Postmeds faces criticism for the delayed disclosure, taking more than two months to inform those affected.

During this time, impacted individuals reported observing suspicious activities on their Venmo accounts, confirming later that their personal data had surfaced on the dark web. The lack of specificity in breach notices, coupled with the absence of details on how the intruders gained access and the failure to provide protection guidance, has intensified concerns and fueled legal actions.

Law firms leading litigation motions against Postmeds assert that leaked data extends beyond what was disclosed in the breach notice. Additional information, including addresses, dates of birth, medical treatment details, diagnosis information, and health insurance data, was allegedly compromised.

Henry Schein Inc. Rebounds from Cyberattack Disruption

One of the major distributors of dental supplies, Henry Schein Inc., has fallen victim to a significant data breach affecting its core systems, including distribution and ecommerce. The company, with sales reaching US$12.6 billion in 2022, recently regained online functionality after the cyberattack on October 14.

CEO Stanley Bergman reported that a clean network was established from backup data, with distribution operations now operational and the ecommerce platform set to be initiated. The extent and origin of the breach remain undisclosed, but it caused substantial disruption to the company’s digital commerce, comprising about 75% of sales.

The incident led to a delay in filing the third-quarter earnings report, and Henry Schein anticipates filing an insurance claim in 2024 with a $60 million after-tax claim limit. Despite challenges, the company expressed gratitude for customer support and acknowledged the prevalence of cyber issues in the healthcare sector.

Strengthening Defenses Amid Rising Cyber Threats

The surge in notable ALPHV BlackCat data breaches prompts a reevaluation of organizations’ cybersecurity readiness in the face of evolving cyber threats. Businesses grapple with the imperative to enhance defenses, emphasizing the protection of customer and employee data.

Cybersecurity experts stress the importance of rigorous measures, such as security audits, employee training, and advanced threat detection technologies.

These ALPHV BlackCat data breaches highlight the proactive approach required to navigate the escalating sophistication of cyber threats. As the repercussions unfold, a collective call for improved cybersecurity practices resonates, highlighting the need for united efforts to thwart evolving threats in the digital landscape.





Source link