In a data security notice posted on its website, SuperCare said an intrusion was discovered on July 27, 2021, when the company noticed unauthorized activity on some systems. An investigation revealed that someone had access to certain systems between July 23 and July 27, 2021. However, it took the company until February 4, 2022, to determine that the exposed files contained patient information, including name, address, date of birth, hospital or medical group, medical record number, patient account number, health-related information, and claim information. In some cases, social security numbers and driver’s license numbers were also stored in the compromised files. “Please note that to date, we have no reason to believe that any information was published, shared, or misused as a result of this incident,” the company said. SuperCare notified impacted individuals about the incident on March 25. he company told the US Department of Health and Human Services that the breach has impacted 318,379 people. This is currently in the top 50 healthcare breaches reported in the past two years, based on the number of affected individuals.
It is especially crucial for organizations that store Personally Identifiable Information (PII) to have a strong security posture. Data breaches like the one that impacted SuperCare Health not only could lead to many customers being affected, but also causes a serious impact to the reputation of the organization. This makes both customers and potential customers doubt that the organization will keep their private information secure in the future.