Details of the Salusive Health Breach

According to the breach notice received by patients affected by the Salusive Health breach, the incident was discovered on March 7, 2022. Upon discovery, they immediately took action to terminate the unauthorized activity, secure their systems, and recover their data.

They also retained a forensic investigator to determine what information was impacted by the cyberattack. The investigation uncovered that the incident started on March 3, 2022, and that patient protected health information (PHI) was compromised in the attack. 

The types of PHI involved included demographic information (i.e., first and last name, gender, home address, phone number, email address, and date of birth); clinical information (i.e., medical history/diagnosis/treatment, dates of service, lab test results, prescription information, provider name, medical account number, or anything similar in a medical file and/or record); and financial information (i.e., health insurance policy and group plan number, group plan provider, claim information), and a single individual’s Social Security Number.

Affected patients have been advised to freeze their credit and have been offered free identity theft protection.

In response to the breach, Salusive Health has also implemented additional security measures to prevent similar incidents from occurring in the future. They have also reported the incident to the FBI, which is working to identify responsible parties.

What Else Do We Know?

Although seemingly unrelated (as per its notice), Salusive Health has decided to cease clinical operations on May 31, 2022. In the breach notice to patients, Salusive Health states, “Salusive (myNurse) made the difficult decision to cease clinical operations by end of business Tuesday, May 31. This will allow for an orderly hand off of chronic care management and remote patient monitoring services back to your primary care physician. This development is unrelated to the data security inciden