FlexBooker Breach

FlexBooker is an online appointment scheduling platform that services small businesses across several industries, including the healthcare industry. On December 23, 2021, FlexBooker disclosed that it had suffered a breach that resulted in the theft of sensitive data, some of which has been posted to the dark web. According to reports from Have I Been Pwned, the FlexBooker breach has affected 3,756,794 users thus far.

What Do We Know About the FlexBooker Breach?

The FlexBooker breach was reportedly the result of a denial-of-service attack that caused widespread disruption in its operations. A denial-of-service (DoS) attack occurs when a threat actor denies legitimate users access to a network or service. A statement released on FlexBooker’s website commented on the attack: “We have been alerted through monitoring analytics that we are experiencing a massive Deep Denial of Service attack. This is causing widespread outages of our core application functionality. We are working with AWS now to remedy the situation and cut the attack off as quickly as possible.”

The almost 4 million individuals affected by the FlexBooker breach had personal information stored on FlexBooker’s systems stolen, some of which was patient protected health information (PHI). The stolen information included names, phone numbers, email addresses, passwords, partial credit card information, photos, driver’s license numbers, and other IDs. The group claiming responsibility for the attack, “Uawrongteam”, has shared links to the stolen information on several dark web forums.

How Can You Protect Your Business Against Breaches?

Breaches have become a cost of doing business. If you are a healthcare business, the best way to prepare yourself for the inevitable breach is through HIPAA compliance. This is because HIPAA requires healthcare entities to implement security measures to keep patient information private and confidential. These measures serve to improve your overall security posture so that when you do fall victim to a breach, you can respond quickly to minimize the damage that ensues. 

Part of being HIPAA compliant is having a system in place to detect, respond to, and report breaches. Having a tested incident response plan in place not only helps you satisfy HIPAA requirements, but also drastically reduces the time it takes to detect and respond to a breach, which directly influences how much the breach ends up costing your business (a reduction of 35% in associated costs).

Compliancy Group’s total HIPAA compliance solution gives you the tools you need to protect patient information. By signing up with us, you are given HIPAA security policies and procedures, employee cybersecurity training, and incident support, helping you to prevent breaches and to quickly detect and respond to them when they occur. Find out more about how we can help you!