Data breaches at health care companies expose more than 15 million records

A massive data breach at five health care companies has exposed millions of records, including sensitive information such as medical diagnoses.

'One of the most intrusive data breaches in recent memory'

Data breaches at health care companies Common Spirit, Mass General Brigham, Centra Care, OSF Healthcare and Ascension Healthcare have exposed more than 15 million records, a cybersecurity firm reports.

Information including names, phone numbers, emails, medical diagnoses, Social Security numbers and more began circulating on Dec. 3, cybersecurity firm Atlas Privacy said Thursday.

Customers of the insurance companies can check if their information was exposed at Atlas Privacy's Databreach.com website.

Below is a table of the estimated information exposed at the health care organizations; Atlas Privacy is still reviewing the data.

Atlas Privacy said the data breach is "one of the most intrusive data breaches in recent memory."

"This breach didn’t just compromise names and contact details—it exposed some of the most intimate aspects of people’s lives," Atlas Privacy said. "This isn’t just a collection of data points; it’s a deeply personal snapshot of people’s lives—information that will likely be weaponized to exploit or harm them."

The breaches stem from software company Welltok, which fell victim to a ransomware attack by the group "Cl0p," Atlas Privacy said.

Common Spirit, Mass General Brigham, Centra Care, OSF Healthcare and Ascension Healthcare didn't immediately respond to requests for comment from ConsumerAffairs.

What to do after a data breach

  • Follow the letter: Companies should send out a letter if you are a victim of a data breach. Read it carefully to get more details about what data was exposed and the steps the company recommends you take.
  • Freeze your credit: Contact each of the three credit bureaus, Experian, Equifax and TransUnion, and get your credit frozen so a criminal can’t open cards or other lines in your name.
  • Credit monitoring: Companies often will offer free credit monitoring or other services after a data breach.
  • Reset passwords: Change your passwords and use a different one for each service.
  • Use a password manager: LastPass and services built into web browsers such as Google Chrome and Microsoft Edge can create and store strong passwords for you.
  • Opt out of data collection: If you have the right in your state, you can email services you use to request they don’t collect your data for use by third parties.
  • Request to have your data deleted: For services you don’t use, ask to have your data deleted. California and other states have written this into law.