Cybercrime Hits a New High: The Biggest Health Care Breach of the Year

The health care industry is still reeling from its largest breach of the year, when Conduent Business Solutions experienced an attack that compromised the records of 10.5 million people. Additional breaches at Prosper Funding LLC, the University of Pennsylvania, Oglethorpe, Inc., Hyundai AutoEver America, and DoorDash make one thing clear: No industry is off-limits when cybercriminals go hunting for data. 

 

In this blog post, we break down what happened in these attacks — what information was exposed, who was impacted, and what steps you can take to protect yourself before your data ends up in the wrong hands. 

 

Conduent Business Solutions 

 

Organization Description: Conduent is a business services and solutions provider offering digital platforms for health care organizations and government agencies. 

Breach Size: 10.5 million people  

Data Exposed: Conduent, the business associate of many HIPAA-covered entities, experienced a breach in January when its network IT environment was accessed by an unauthorized party. This resulted in compromising the sensitive data of 10.5 million individuals, including 4 million in Texas.  

 

Since then, Conduent has incurred tens of millions of dollars in direct response costs, with its impacted partner entities also running damage control — including Blue Cross Blue Shield (BCBS) of Texas, Blue Cross Blue Shield of Montana, Humana, Premera Blue Cross, and multiple state government agencies. At BCBS in particular, 310,000 customers in Texas and 462,000 in Montana had personal information exposed, including names, diagnosis codes, some Social Security numbers, and other sensitive medical information. The breach has triggered a class-action lawsuit over the health insurance company’s failure to safeguard customer data and failure to notify those affected by the breach in a timely manner. 

 

So far, at least nine class-action lawsuits have been filed in New Jersey federal court in response to the Conduent breach and its alleged mishandling. This incident ranks as the largest health care data breach announced this year, and the eighth largest health care data breach in history. 

 

Prosper Funding, LLC 

 
Organization Description: Prosper Funding, LLC is a peer-to-peer online lending marketplace that connects individual borrowers with investors. 

Breach Size: 17.6 million people 

Data Exposed: This fall, hackers accessed Prosper’s database and stole a broad set of personal information — including names, dates of birth, Social Security numbers, government IDs, email addresses, physical addresses, employment status, income, IP addresses, and browser details. 

 

 

 

University of Pennsylvania 

 

Organization Description:  

The University of Pennsylvania is a private Ivy League research university. 

Breach Size: 1.2 million people 

Data Exposed: The University of Pennsylvania reported that a hacker used social engineering to gain full access to internal systems via a compromised employee account. The perpetrator claimed to exfiltrate the donor records of about 1.2 million students, alumni, and donors. The data included names, dates of birth, addresses, phone numbers, estimated net worth, donation history, religion, race, and sexual orientation. 

 

Oglethorpe, Inc. 

Organization Description: Oglethorpe, Inc. is a health care company that owns and operates a network of mental health and addiction recovery treatment facilities.  

Breach Size: 92,332 people 

Data Exposed: Earlier this year, an unauthorized third party infiltrated the network at Oglethorpe and accessed files containing highly sensitive personal and health‑related information. The exposed data included names, Social Security numbers, driver’s license numbers, and medical records of patients treated at the organization’s facilities. 

 

Hyundai AutoEver America 

Organization Description: Hyundai AutoEver America (HAEA) is an automotive information technology (IT) solutions provider for Hyundai Motor Group affiliates in North America. 

Breach Size: Undisclosed 

Data Exposed: Hyundai AutoEver America recently shared that it suffered a cyberattack in February that compromised its IT systems, affecting both current and former employees. The breach exposed sensitive personal information, including names, Social Security numbers, and driver’s license details for an undisclosed number of drivers of Hyundai, Kia, and Genesis vehicles. This is Hyundai’s third major security incident in three years. 

 

DoorDash 

Organization Description: DoorDash is a technology company that operates an on-demand food and grocery delivery platform. 

Breach Size: Undisclosed 

Data Exposed: DoorDash recently confirmed a third major data breach after an employee fell victim to social engineering, allowing an unauthorized party to access the contact details of some customers, deliverers, and merchants. The exposed information may include first and last names, phone numbers, email addresses, and physical addresses. 

 

Hacking & Phishing News

Backdoor
 

A backdoor is a hidden entry point that allows someone to access a computer system while bypassing normal security measures. These backdoors can be intentionally left by software developers for maintenance purposes or secretly installed by attackers. For example, cybercriminals may install malicious code that corrupts data on hard drives or allows them to access or transfer sensitive information.

  

Credential Dumping
 

Credential dumping is a technique where attackers extract usernames, passwords, or other login information from a system in order to move through networks or gain higher levels of access — like stealing a ring of keys that allows intruders access to multiple doors. For example, in the Prosper Funding, LLC and DoorDash breaches, hackers were able to access extensive personal records by exploiting system credentials, while in the University of Pennsylvania attack, stolen employee account credentials gave them access to millions of donor records.   

 

With IDSeal®, you’re never on your own when it comes to safeguarding your personal information. Our identity protection service constantly scans for exposed data, sends alerts for suspicious activity, and offers complete restoration support if your identity is compromised. With cybercrime on the rise, being proactive is the best defense against becoming another statistic. 

 

Keep up with the latest cybersecurity news and data breach updates by following us on social media and take action now to secure your identity before it’s too late.