Medusind Data Breach Impacts 360,934 Individuals in US

On December 29, 2023, Medusind, Inc., a leading provider of revenue cycle management services for healthcare organizations, discovered suspicious activity within its IT network. The company immediately took action by taking the affected systems offline and initiating an investigation with the help of a leading cybersecurity forensic firm.

The investigation revealed that a cybercriminal may have gained unauthorized access to certain files containing sensitive personal and health-related information. The breach affected a total of 360,934 individuals in the United States, including 1,023 residents of Maine, according to a disclosure to the Maine Attorney General's office.

The exposed information is extensive and includes the following categories:

• Name
• Health insurance and billing information (e.g., insurance policy numbers, claims/benefits details)
• Payment information (e.g., debit/credit card numbers, bank account details)
• Health information (e.g., medical history, medical record numbers, prescription details)
• Government identification (e.g., Social Security number, taxpayer ID, driver’s license, passport number)
• Other personal information (e.g., date of birth, email, address, phone number)

Medusind has not yet disclosed how the breach occurred or whether it was the result of a specific vulnerability or attack method. However, given the breadth of the data exposed, this breach is considered highly severe, as it involves both financial and sensitive health-related information.

Medusind's response

In response to the breach, Medusind acted swiftly by taking affected systems offline and hiring a cybersecurity forensic firm to investigate the incident. The company has since implemented enhanced security measures to prevent similar breaches in the future.

To support affected individuals, Medusind is offering two years of complimentary identity monitoring services through Kroll, a global leader in risk mitigation and response.

These services include:

• Credit Monitoring: Alerts for changes to credit data, such as new credit applications.
• Fraud Consultation: Access to a fraud specialist for guidance on protecting your identity.
• Identity Theft Restoration: Dedicated support from a licensed investigator to resolve identity theft issues.

Affected individuals were notified via written communication starting on January 7, 2025.

Steps to take if you are affected by the data breach

If you have received a notification from Medusind, it is crucial to take immediate steps to protect your personal and financial information. Here’s what you should do:

1. Activate the free identity monitoring services: Visit Kroll’s enrollment website and use the membership number provided in your notification letter. You must activate these services by the deadline specified in the letter.
2. Monitor your financial accounts: Regularly review your bank and credit card statements for unauthorized transactions. Report any suspicious activity to your financial institution immediately.
3. Check your credit reports: Obtain a free copy of your credit report from Annual Credit Report and look for unfamiliar accounts or inquiries.
4. Place a fraud alert or security freeze: Consider placing a fraud alert or security freeze on your credit file to make it harder for identity thieves to open accounts in your name. You can do this by contacting the three major credit bureaus:
1. Equifax Fraud Alert
2. Experian Fraud Alert
3. TransUnion Fraud Alert

1. Report identity theft: If you suspect you’ve been a victim of identity theft, file a report with the Federal Trade Commission (FTC) at IdentityTheft.gov.
2. Stay vigilant: Be cautious of phishing emails or phone calls requesting personal information. Legitimate organizations will not ask for sensitive details via email or phone.