A New Jersey-based medical diagnostic lab, siParadigm, recently reported a data breach impacting 26,534 individuals.
What happened
siParadigm recently notified 26,534 individuals about a data breach that exposed their protected health information (PHI). The breach, discovered on June 11, 2024, involved unauthorized access to its computer network, leading to the potential exposure of names, Social Security numbers, dates of birth, addresses, and medical information. SiParadigm has since taken steps to enhance its cybersecurity defenses and has offered affected individuals complimentary credit monitoring.
Going deeper
Ransomware group Akira claimed responsibility for the siParadigm breach in July 2024 and said it had stolen 114 GB of data. They allegedly breached PHI, as well as passports, NDAs, driver's licenses, and financial data. However, siParadigm hasn't confirmed the extent of Akira's claims or if a ransom was demanded or paid.
Active since March 2023, Akira has mainly targeted sectors in health, finance, and education. The group’s double extortion method forces the victims to make ransom payments to unlock their systems and not sell or publish sensitive information.
What was said
The siParadigm breach notice states, “The third-party digital forensic investigation determined that an unauthorized party could have accessed your health information.” siParadigm also emphasized that there is no evidence so far to suggest the data has been misused.
By the numbers
- Akira has claimed responsibility for 86 ransomware attacks, impacting more than 700,000 records across different industries.
- In 2024 alone, there have been 63 confirmed ransomware attacks on U.S. healthcare entities, affecting almost 7 million records with an average ransom demand of $825,000.
Why it matters
The breach at siParadigm is part of a larger trend of increasing ransomware attacks on U.S. healthcare providers. As healthcare data remains a prime target for cybercriminals, providers must safeguard their networks and stay HIPAA compliant to avoid devastating data breaches.
The bottom line
The patients who have received the breach notification letter should monitor their accounts and immediately report suspicious activity. The patients can also file a suit for the damages in court.
Read also: Top 10 healthcare data breaches so far in 2024
FAQs
What is a data breach?
A breach occurs when an unauthorized party gains access, uses or discloses protected health information (PHI) without permission. Breaches include hacking, losing a device containing PHI, or sharing information with unauthorized individuals.
See also: How to respond to a data breach
What should individuals do if their data has been compromised?
If individuals suspect their data has been compromised, they must monitor their accounts for suspicious activity and report any unauthorized transactions immediately.
Are there any costs associated with placing a fraud alert or credit freeze?
No, under U.S. law, consumers are entitled to a free credit report annually from each of the three major credit reporting bureaus, Equifax, Experian, and TransUnion. So, placing a fraud alert or credit freeze does not incur any costs.
