U.S. administrative and clinical healthcare services provider Calibrated Healthcare acknowledged a data breach that compromised sensitive patient information, as per a recent filing with the Attorney General of California.
The Calibrated Healthcare security incident exposed data used in healthcare and billing processes, such as personally identifiable information (PII), including names, Social Security Numbers, dates of birth, medical diagnoses, treatment details, health insurance details, and driver’s license numbers.
The unauthorized access to the healthcare services provider’s systems occurred on February 25 and 26, 2024.
The filed notice does not reveal the number of impacted patients or how the data breach happened, but the company does mention not seeing evidence of it being used for identity theft or fraud yet.
The notification letters sent to affected individuals starting May 1 say Calibrated Healthcare is offering 12 to 24 months of complimentary credit monitoring and identity protection services through Epiq.
Calibrated Healthcare handles claims, medical management, population health management, member data management, document management services, system configuration, coding services, provider credentialing, and healthcare management consulting for several clients, boasting ”Certified for SOC 1 Type I and SOC 2 Type II data security.”
Cyberattacks on the healthcare industry are not new. American company Change Healthcare was hit by a ransomware attack earlier this year, which impacted its customer database, exposing personal details such as health and PII.
In July, HealthEquity announced suffering a security breach that affected 4.3 million customers due to data stolen from a third party with access to HealthEquity’s SharePoint data.