Gryphon Healthcare Data Breach Exposes Info of 400,000 Patients

Houston-based Gryphon Healthcare has revealed that a data breach may have exposed sensitive personal and medical information of nearly 400,000 people.

Gryphon discovered the breach on Aug 13 and disclosed it officially in mid-October. However, it is believed that the breach may have occurred as early as July 6. The delay sparked concerns regarding both the timing of the breach’s discovery and the immediate steps taken to contain the fallout.

Massive Trove of Sensitive Data Exposed

During the attack, threat actors reportedly gained unauthorized access to the company’s systems and stole a significant amount of patient data, including names, addresses, dates of birth and Social Security Numbers.

If misused, this data could let perpetrators carry out further malicious activities, including identity theft or identity fraud, or sell the data to other threat actors for profit. As well, the breach involved sensitive medical data, such as diagnoses, provider information, treatment details, prescriptions, health insurance information and medical record numbers.

Personal and Medical Data Among Compromised Files

Unlike credit card information or passwords, medical information holds long-term value for cybercriminals. It can be exploited for insurance fraud, identity theft, blackmail, and even be sold on the dark web.

Although the amount and variety of exposed data is alarming, Gryphon maintains it has seen no evidence that any exfiltrated data has been misused.

On the other hand, this kind of statement is often an initial line of defense before full details of a breach emerge. In other words, affected parties might not yet be in the clear.

Company Could Face Legal Action

The company now offers 12 months of complimentary credit monitoring and identity protection to affected parties, in an attempt to mitigate the damage.

A day after Gryphon began notifying victims about the breach, law firm Abington Cole and Ellery, based in Tulsa, Oklahoma, quickly moved to file a class-action lawsuit on behalf of the affected parties.

Being Prepared for When Disaster Strikes

Unfortunately, data breaches are becoming more frequent. They happen regardless of how well companies try to protect against them and are completely out of consumers’ control.

However, that doesn’t mean individuals should do nothing. Preparing for the worst-case scenario is crucial, and specialized software like Bitdefender Digital Identity Protection provides valuable support.

It helps users continuously monitor online data, including traces from outdated or forgotten services, on both the surface and Dark Web, and notifies them in real-time if their data has been compromised in a breach.

It also helps users take immediate steps to plug vulnerabilities in their digital footprints with quick, 1-click actions.