Healthcare providers MedHealth and DocGo have both suffered cybersecurity incidents in which bad actors gained unauthorized access to customers’ data.
MedHealth said the breach occurred after an outsider accessed emails and files belonging to three of its employees, potentially exposing the personal information of 183,709 patients. MedStar Health has notified all potentially affected patients about the data exposure and filed a report with the Department of Health and Human Services.
MedStar Health reported that the unauthorized access to employee email accounts and files “occurred intermittently” between January and October of last year. The company didn’t detail the exact nature of the email access.
The company did reveal it conducted a forensic analysis of the incident in early March, confirming that patient information was present in the breached files and emails. The compromised emails and files contained patients’ names, mailing addresses, dates of birth, dates of service, provider names, and health insurance information.
DocGo disclosed the cybersecurity incident it suffered in a form 8-K, saying hackers stole protected health information from a “limited number of healthcare records” within the company’s US-based ambulance transportation business. The hack didn’t involve any other business lines.
“Promptly after detecting unauthorized activity, the Company took steps to contain and respond to the incident, including launching an investigation, with assistance from leading third-party cybersecurity experts, and notifying relevant law enforcement,” reads the DocGo SEC filing.
The company didn’t detail its response to the incident, but it’s common for organizations to shut down their IT systems after detecting a breach to halt the spread of the attack. DocGo is currently contacting individuals whose data was compromised.
“To date, the cybersecurity incident has not had a material impact on the company’s operations, and the company currently does not expect that the cybersecurity incident will have a material impact on its overall financial condition or on its ongoing results of operations,” the company added.