Strive HoldCo, also known as Strive Medical, recently filed a notice of a data breach.
What happened
Recently, Strive Medical released a notice of a data breach, although the notice suggests the breach may have been discovered some time ago.
It’s currently unclear how many individuals were impacted, but Strive did say that the following information may have been accessed: names, dates of birth, medical information, provider names, medical record numbers, patient account numbers, Medicaid or Medicare ID numbers, prescription information, and health insurance information.
Strive Medical is a medical supply company based out of Irving, Texas, that supplies equipment to hospitals across the United States. The company provides urological, wound care, ostomy, and incontinence supplies and boasts insurance coverage for approximately 90% of Americans.
Going deeper
Strive Medical filed a notice of data breach with the California Attorney General on August 28th. According to the notice, the company discovered unusual activity in a company email account on July 31st, 2024.
Upon discovering the suspicious activity, the company enlisted the help of a forensic team and began an investigation. The team determined that an unauthorized party had accessed an employee email account between January 29th, 2024 and January 31st, 2024. Notices were mailed out beginning August 28th.
Strive Medical also posted a notice of a data incident on March 22nd, 2024. In this notice, the company said they had determined an email account was compromised on January 31st.
The company will likely provide more information later, and will hopefully clarify if the two notices are connected to the same incident.
In response to the incident, Strive Medical advises impacted individuals to be “vigilant in regularly reviewing and monitoring all of your account statements, explanation of benefits statements, and credit history…”
Why it matters
The incident at Strive Medical is a reminder that breaches are often disclosed long after the attack occurred. For victims, this means the impact of a breach may be felt before the cause has been identified. Even though this may be frustrating, having complete and thorough investigations can help healthcare companies understand how an attack occurred and what organizations may be responsible.
Although investigations can be helpful in understanding attacks, attacks are still best mitigated through robust security measures. In the case of a breach caused by a compromised email account, the incident could likely have been avoided by having a secure email system in place.
Read more: HIPAA Compliant Email: The Definitive Guide