BJC HealthCare, a non-profit healthcare networks in the United States, recently revealed that it has discovered a data breach on November 19, 2018, that affected 5,850 people.
In an official statement, BJC stated that unknown intruders illegally gained access to its patients’ payment portal and uploaded malware that potentially compromised the personal and credit/debit card information. The security professionals at BJC determined that the malicious code exploited the payment portal and exposed the payment information from October 25, 2018, to November 08, 2018, affecting 5,850 of its users.
The Health Center said the information that could have been compromised included the patients’ names, dates of birth and billing data. The credit card or bank account information for some people also got compromised. However, BJC clarified that no social security numbers and medical information affected due to the incident.
“BJC has no indication to date that any information was actually misused. As a precaution, individuals whose payment information may have been exposed are advised to carefully review credit card and bank statements and immediately contact their credit card holder or banking institution about any inconsistencies or suspicious activity,” BJC statement read. “BJC takes the confidentiality and protection of patient information seriously and regrets any inconvenience or concern this incident caused patients, family members or other individuals making payments through the site. To help prevent a similar incident from occurring in the future, BJC has implemented additional security procedures to enhance protection against malware.”
In related news, the U.S. government’s health insurance system HealthCare.gov suffered a data breach that resulted in the theft of thousands of patients’ records. According to the official statement, unknown attackers breached the government portal’s sign-up system named Federally Facilitated Exchanges (FFE) and compromised around 75,000 patients’ personal data. Managed by the Centers for Medicare & Medicaid Services (CMS), the HealthCare.gov is a platform for insurance agents and brokers to enroll users in Obamacare insurance plans.
The CMS stated they discovered the suspicious activity on October 13, 2018, and notified the Federal law enforcement for an immediate investigation. On October 19, the CMS officials declared that the portal was compromised between October 13 and 16, and it is unclear what information was exposed in the unauthorized activity.