Massachusetts-based non-profit health service firm Harvard Pilgrim Health Care has confirmed that more than 2.55 million of its current and former members had their sensitive data compromised following a ransomware attack in April, BleepingComputer reports.
Threat actors were able to infiltrate Harvard Pilgrim Health Care's systems between March 28 and April 17, enabling the theft of information from members that have registered since March 28, 2012, including their full names, birthdates, phone numbers, addresses, Social Security numbers, health insurance account details, provider taxpayer identification numbers, and clinical data, said HPHC in its data breach notice.
"We are continuing our active investigation and conducting extensive system reviews and analysis before we can resume our normal business operations," HPHC added.
HPHC also noted that there has been no indication of any misuse of stolen data but members whose data may have been impacted by the incident were urged to be more vigilant of potential phishing or social engineering attacks.
Vulnerabilities impacting cloud analytics and business intelligence software Qlik Sense have been exploited to facilitate the deployment of CACTUS ransomware in a new campaign, The Hacker News reports.
Cyber Resilience in the Ransomware and Wiper Era New Strategies for CISOs to Protect
The changing face of ransomware, and how to respond
Unveiling the Hidden Threat: Hybrid Attackers Leveraging Identities to Execute Ransomware
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news