Medusind Data Breach Impacts 360,934 Individuals

On December 29, 2023, Medusind, Inc., a revenue cycle management company specializing in medical and dental billing, discovered suspicious activity within its IT network. The company promptly took affected systems offline and initiated an investigation with the help of a leading cybersecurity forensic firm. It was determined that a cybercriminal had accessed and potentially obtained a copy of certain files containing sensitive personal information.

The breach impacted 360,934 individuals in the United States, including 11,182 individuals in Texas, 1,023 in Maine, and 2,492 in South Carolina. The exposed information varied by individual but included a wide range of sensitive data, such as:

• Name
• Address
• Social Security number
• Driver’s license number
• Government-issued ID number (e.g., passport, state ID card)
• Financial information (e.g., bank account numbers, credit or debit card numbers)
• Medical information (e.g., medical history, medical record numbers, prescription details)
• Health insurance information (e.g., insurance policy numbers, claims/benefits information)
• Date of birth
• Contact information (e.g., email, phone number)

The breach was disclosed to the Maine Attorney General, Texas Attorney General, and South Carolina Attorney General on January 8, 2025. Medusind began notifying affected consumers by U.S. mail and publication in print media on January 7, 2025.

This breach is particularly severe due to the breadth and sensitivity of the exposed data, which includes not only financial and personal identification details but also medical and health insurance information. Such data can be exploited for identity theft, financial fraud, and even medical identity theft, making it critical for affected individuals to take immediate action.

Medusind, Inc.'s response

Following the discovery of the breach, Medusind took immediate steps to secure its systems by taking them offline and engaging a cybersecurity forensic firm to investigate the incident. The company also implemented enhanced security measures to prevent similar incidents in the future.

To support affected individuals, Medusind is offering two years of complimentary identity monitoring services through Kroll, a global leader in risk mitigation and response.

These services include:

• Single Bureau Credit Monitoring: Alerts for changes to credit data, such as new credit applications.
• Fraud Consultation: Unlimited access to Kroll fraud specialists for guidance on protecting personal information.
• Identity Theft Restoration: Dedicated investigators to resolve identity theft issues on behalf of affected individuals.

Affected individuals can activate these services by visiting Kroll’s enrollment website and using the membership number provided in their notification letter. The activation deadline is specified in the notification letter.

Steps to take if you are affected by the data breach

If you believe your information was exposed in the Medusind data breach, here are steps you should take to protect yourself:

1. Activate the free identity monitoring services: Visit Kroll’s enrollment website and sign up for the complimentary services provided by Medusind.
2. Monitor your financial accounts: Regularly review your bank statements, credit card activity, and other financial accounts for unauthorized transactions.
3. Check your credit reports: Obtain a free credit report at Annual Credit Report and review it for unfamiliar accounts or inquiries.
4. Place a fraud alert on your credit file: Contact one of the three major credit bureaus (Equifax, Experian, or TransUnion) to add a fraud alert, which will notify creditors to verify your identity before opening new accounts.
5. Consider a credit freeze: A credit freeze prevents creditors from accessing your credit report without your consent, making it harder for identity thieves to open accounts in your name.
6. Stay vigilant: Be alert for phishing emails or phone calls that may attempt to exploit the breach. Avoid clicking on suspicious links or providing personal information to unknown parties.
7. Report suspicious activity: If you notice unauthorized transactions or suspect identity theft, report it to your financial institution and file a complaint with the Federal Trade Commission (FTC).

About Medusind, Inc.

Medusind, Inc. is a leading provider of medical and dental billing and revenue cycle management services. With over 3,000 employees, the company supports healthcare organizations, including hospitals, medical practices, and dental groups, by optimizing revenue and reducing operating costs. Medusind combines advanced technology solutions with client-focused services to improve efficiency and profitability in the healthcare industry. For more information about the company, visit Medusind’s official website.