Pathology Resource Network (PRN) notified consumers following a MOVEit-related data breach affecting Cadence Bank, the provider of treasury management services to PRN. The breach led to unauthorized access to a wealth of sensitive consumer information, comprising names, addresses, dates of birth, Social Security numbers, driver’s license numbers, health and treatment details, billing and claims information, and financial account data. Cadence Bank initiated the issuance of data breach notification letters to affected individuals post their investigation.
The incident, discovered on June 1, 2023, revealed a vulnerability in the MOVEit file transfer application utilized by Progress Software, prompting Cadence Bank to apply patches to mitigate the issue and conduct an extensive investigation with external cybersecurity experts.
Subsequently, the investigation concluded on June 28, 2023, confirming that an unauthorized entity exploited the MOVEit vulnerability, accessing and downloading stored information between May 28 and May 31, 2023. Cadence Bank alerted PRN on September 7, 2023.
Upon recognizing the exposure of sensitive data, both Cadence Bank and Pathology Resource Network scrutinized compromised files to ascertain the leaked information, followed by the dispatch of breach notification letters by PRN on October 27, 2023, delineating the compromised data specific to affected consumers.
Pathology Resource Network, a healthcare management company based in Shreveport, Louisiana, offers comprehensive practice management solutions to healthcare providers, including billing management, compliance, and human resources. Serving multiple entities, the company, with over 29 employees, generates an estimated annual revenue of $14 million.