A New Jersey-based medical diagnostic lab, siParadigm, recently reported a data breach impacting 26,534 individuals.
siParadigm recently notified 26,534 individuals about a data breach that exposed their protected health information (PHI). The breach, discovered on June 11, 2024, involved unauthorized access to its computer network, leading to the potential exposure of names, Social Security numbers, dates of birth, addresses, and medical information. siParadigm has since taken steps to enhance its cybersecurity defenses and has offered affected individuals complimentary credit monitoring.
Ransomware group Akira claimed responsibility for the siParadigm breach in July 2024 and said it had stolen 114 GB of data. The group allegedly took PHI, as well as passports, NDAs, driver's licenses, and financial data. However, siParadigm hasn't confirmed the extent of Akira's claims or whether a ransom was demanded or paid.
Active since March 2023, Akira has mainly targeted the health, finance, and education sectors. The group's double extortion method pressures victims to pay a ransom both to unlock their systems and to keep the group from selling or publishing sensitive information.
The siParadigm breach notice states, “The third-party digital forensic investigation determined that an unauthorized party could have accessed your health information.” siParadigm also emphasized that there is no evidence so far to suggest the data has been misused.
The breach at siParadigm is part of a larger trend of increasing ransomware attacks on U.S. healthcare providers. As healthcare data remains a prime target for cybercriminals, providers must safeguard their networks and stay HIPAA compliant to avoid devastating data breaches.
Patients who have received the breach notification letter should monitor their accounts and immediately report suspicious activity. They can also file suit for damages in court.
A breach occurs when an unauthorized party accesses, uses, or discloses protected health information (PHI) without permission. Breaches include hacking, losing a device containing PHI, or sharing information with unauthorized individuals.
If individuals suspect their data has been compromised, they must monitor their accounts for suspicious activity and report any unauthorized transactions immediately.
No, under U.S. law, consumers are entitled to a free credit report annually from each of the three major credit reporting bureaus, Equifax, Experian, and TransUnion. So, placing a fraud alert or credit freeze does not incur any costs.