Categories: News

DataHEALTH, Inc. Begins Notification of Cybersecurity Incident

AUSTIN, Texas, Jan. 20, 2022 /PRNewswire/ — DataHEALTH, Inc. (“DataHEALTH”), a cloud hosting, cloud backup, data storage and recovery service provider for the health care industry that provides services to health care providers throughout the country, today announced that it experienced a criminal ransomware attack on some of its servers that contain health care providers’ information. DataHEALTH is providing this notice on behalf of impacted health care providers.

Upon learning of the incident on November 3, 2021, DataHEALTH immediately took measures to contain the threat, launched an investigation, and third-party cybersecurity forensic experts were engaged. DataHEALTH also notified federal law enforcement. The investigation determined that DataHEALTH was the target of a criminal ransomware attack on its cloud hosting services. DataHEALTH cloud backup customers were not impacted.

As a result of the investigation, DataHEALTH learned that the unauthorized party accessed and acquired files containing patient data from a limited number of DataHEALTH’s servers. The threat actor appears to have been able to gain access by using compromised credentials for third-party software that some DataHEALTH health care provider customers utilize. Currently, DataHEALTH has not found evidence that any DataHEALTH-specific accounts or credentials were compromised, nor has it found evidence that any of DataHEALTH’s encrypted databases were accessed.

While the investigation is still ongoing, due to the nature of the attack and the information involved, DataHEALTH has not been able to rule out potential access to certain health care providers’ patient information if it was not in DataHEALTH’s encrypted databases. DataHEALTH’s investigation determined that any customers who receive cloud backup services were not impacted by the ransomware incident. Only certain health care providers that receive DataHEALTH hosting services were actually or potentially impacted. 

On December 15, 2021, DataHEALTH began notifying health care providers whose data files were on the threat actor’s list of exfiltrated files based upon searches performed for those files on DataHEALTH servers. On January 20, 2022, DataHEALTH began notifying impacted individuals. Because DataHEALTH has not been able to rule out potential access in all instances, DataHEALTH sent additional notification to potentially impacted health care providers on January 11, 2022 and is engaging with those providers to identify additional individuals who may need to be provided notification.

At this time, DataHEALTH has no reason to believe the compromised data was used inappropriately by the unauthorized party and has not received any reports of identity theft associated with this incident. Impacted individuals are being notified directly via U.S. mail either by DataHEALTH or by its customers, at their discretion.

DataHEALTH has implemented additional security protocols and continues to evaluate further steps that may be taken. In addition, DataHEALTH is continuing to support federal law enforcement’s investigation.

In an abundance of caution, DataHEALTH has taken steps to ensure that any impacted individuals receive complimentary credit monitoring and identity protection services. For more information, questions may be directed to (855) 618-3165, Monday through Friday, between 8:00 a.m. and 5:30 p.m. Central Time.

 

View original content:https://www.prnewswire.com/news-releases/datahealth-inc-begins-notification-of-cybersecurity-incident-301465387.html

SOURCE DataHEALTH

Staff

Recent Posts

NuGen Announces Canada-Wide Launch of InsuJet

3,250 InsuJet Starter Packs Being Delivered to Pharmacies Across CanadaToronto, Ontario--(Newsfile Corp. - November 22,…

3 minutes ago

purelyIV Launches Mobile App for Seamless Wellness Management

The new app allows users to browse services, book IV therapy, manage appointments, purchase packages,…

3 minutes ago

Independence Blue Cross launches Epic Payer Platform to transform care coordination and boost member health outcomes

PHILADELPHIA, Nov. 22, 2024 /PRNewswire/ -- Independence Blue Cross (IBX) is implementing the Epic Payer Platform…

3 minutes ago

Largest Virginia FQHC Leverages eClinicalWorks and Sunoh.ai to Witness Significant Time-Savings and Reduced Physician Burnout

eClinicalWorks and the AI medical scribe assist the 126-provider health center in completing documentation at…

6 hours ago