MNGI Digestive Health reported a breach impacting 765,000 patients.
On August 25, 2023, the company detected suspicious activity in its digital systems. Investigation revealed that on August 20, unauthorized access to its network had occurred. This prompted immediate security measures and an extensive review by cybersecurity experts.
It wasn't until June 7, 2024, that MNGI confirmed personal and protected health information of certain patients and employees had potentially been compromised. The data involved could include names, Social Security numbers, medical details, and more. By July 15, 2024, MNGI had notified affected individuals by mail and had taken further steps to bolster their network security to prevent future incidents. They also set up a toll-free call center to assist concerned parties and provide guidance on protecting their personal information.
According to the Notice of Security Breach, “While we are not aware of the misuse of any potentially affected individual’s information, we are providing the following information to help those wanting to know more about steps they can take to protect themselves and their personal information.”
Following the effects of the Change healthcare breach, the discussion revolving around data breaches has shifted. With the reality having set in exactly how many individuals can be impacted and the residual effects the organization itself can face. Breaches like this one expose highly sensitive data including Social Security numbers, medical histories, and financial details—information that can be exploited for identity theft and financial fraud. Such personal data, especially health information, is not only sensitive but also extremely valuable on the black market, making it a prime target for criminals.
This brings to the forefront the broader systemic issues within healthcare data security practices. While legislation attempts to catch up, threat actors are faster, developing new methods of cyberattack at a rapid pace. This brings to attention the need for innovation and strengthened cybersecurity measures across the sector.
See also: HIPAA Compliant Email: The Definitive Guide
A data breach is when unauthorized individuals gain access to private and confidential information.
PHI stands for Protected Health Information, which includes any health information that can identify an individual.
The organization that governs cybersecurity in the US is the Cybersecurity and Infrastructure Security Agency (CISA).