Massachusetts-based non-profit organization Mystic Valley Elder Services (MVES) has confirmed a significant data breach affecting approximately 87,000 people, whose information containing credentials, personal identification details, and financial, legal, and health data were stolen. Â
The unauthorized intrusion was first detected by the company, which provides health and other essential services to the elderly and individuals with disabilities, in early April, prompting an immediate investigation.Â
Several months later, it was revealed that the attacker may have accessed and stolen sensitive personal data. While no known ransomware group has claimed responsibility for this attack, the absence of attribution does not exclude the possibility of ransomware involvement.Â
The compromised information is extensive and includes data like name, date of birth, Social Security number, payment card and financial account numbers, online credentials, passport numbers, driver’s license numbers, health insurance details, and medical records.
Affected individuals began receiving notifications in June. MVES has recently informed the Maine Attorney General and the Department of Health and Human Services, officially acknowledging the scope of the breach.
The healthcare sector remains a prime target for cyberattacks due to the wealth of sensitive data it holds. Such breaches can compromise hundreds of thousands to millions of individuals, causing severe repercussions for affected parties and amplifying risks for healthcare organizations.
MVES has 353 employees and generates annual revenue of approximately $62 million via providing essential care services to over 70,000 residents annually across ten communities, including Chelsea, Everett, Malden, Medford, Melrose, North Reading, Revere, Stoneham, Wakefield, and Winthrop.
In light of this incident, industry stakeholders are urged to review and reinforce their security protocols to protect against similar breaches.
This breach underscores the persistent vulnerabilities within healthcare systems, a sector frequently targeted by cybercriminals – ThreeAM Ransomware attack on Kootenai Health impacted over 464,000 patient records, Star Health and Allied Insurance Company customers' health records were distributed by hackers via Telegram, and the Calibrated Healthcare data breach affected several of its patients’ sensitive information.