Tennessee-based substance abuse treatment service provider American Addiction Centers had information from 422,424 individuals exfiltrated during a breach of its internal servers in September, which was initially disclosed to have affected 410,747 people, according to SecurityWeek.
Infiltration of internal systems led to the theft of individuals’ names, birthdates, phone numbers, email addresses, Social Security numbers, medical record numbers, and health insurance details, but not their payment card information or treatment data, said American Addiction Centers in a filing with the Office of the Maine Attorney General, which emphasized insufficient evidence suggesting misuse of the stolen information.
Such a development comes more than a month after the intrusion was claimed to have been conducted by the Rhysida ransomware operation, which asserted exfiltrating nearly 2.8 TB of data from American Addiction Centers’ systems. Most of the stolen data has already been leaked by the ransomware gang following failed extortion attempts with the organization.
Get essential knowledge and practical strategies to protect your organization from ransomware attacks.