Details of the Salusive Health Breach
According to the breach notice received by patients affected by the Salusive Health breach, the incident was discovered on March 7, 2022. Upon discovery, they immediately took action to terminate the unauthorized activity, secure their systems, and recover their data.
They also retained a forensic investigator to determine what information was impacted by the cyberattack. The investigation uncovered that the incident started on March 3, 2022, and that patient protected health information (PHI) was compromised in the attack.
The types of PHI involved included demographic information (i.e., first and last name, gender, home address, phone number, email address, and date of birth); clinical information (i.e., medical history/diagnosis/treatment, dates of service, lab test results, prescription information, provider name, medical account number, or anything similar in a medical file and/or record); and financial information (i.e., health insurance policy and group plan number, group plan provider, claim information), and a single individual’s Social Security Number.
Affected patients have been advised to freeze their credit and have been offered free identity theft protection.
In response to the breach, Salusive Health has also implemented additional security measures to prevent similar incidents from occurring in the future. They have also reported the incident to the FBI, which is working to identify responsible parties.