Robeson Health Care Corporation, a US-based healthcare provider, has revealed a data breach exposing sensitive data that might have impacted tens of thousands of individuals. In their latest disclosure on November 27th, the corporation disclosed the detection of malware in their systems back in February.
After concluding an investigation around October 9th, Robeson estimated that over 60,000 individuals could have been affected. However, the severity of the breach was addressed with mixed messages by the North Carolina-based firm.
In a communication to affected individuals, Robeson stated they had “no indication” of unauthorized access to their electronic medical records databases. Simultaneously, they acknowledged a potential compromise of sensitive personal information during the unauthorized access period.
The compromised data could potentially involve names and other personal identifiers, such as Social Security numbers. The scope of impact remains unclear, whether restricted to patients or extending to employees and third-party contractors.
Both disclosures, the first occurring in April after a preliminary investigation concluded in March, were reported to the Attorney General in Maine. The state enforces stringent reporting mandates for cyberattacks impacting its residents.
Robeson has extended a year of free identity theft protection services to affected parties. Additionally, as part of their response to the breach, the corporation reset passwords and implemented multi-factor authentication for all system users following the investigation.