More Than 4 Million Individuals Affected by Cyberattack on Independent Living Systems
Independent Living Systems, LLC (ILS), a Miami, FL-based provider of third-party administrative services to managed care organizations, has recently informed the Maine Attorney General that it suffered a data breach that has affected up to 4,226,508 individuals – the largest healthcare data breach to be reported so far this year.
According to the breach notification, ILS identified suspicious activity within its computer systems on July 5, 2022. Assisted by third-party cybersecurity experts, ILS determined that unauthorized individuals accessed its network between June 30, 2022, and July 5, 2022, and acquired files containing sensitive data.
ILS conducted a comprehensive review of all affected files and was provided with the results of the review on January 17, 2023. ILS then worked to validate those results and obtain up-to-date contact information for the affected individuals to allow HIPAA notification letters to be sent.
The information compromised included names, addresses, dates of birth, state ID numbers, Social Security numbers, taxpayer ID numbers, financial account information, Medicare/Medicaid IDs, diagnosis codes/diagnosis information, admission/discharge dates, mental/physical conditions, treatment information, food delivery information, prescription information, billing/claims information, and health insurance information. The types of information varied from individual to individual.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
The affected individuals had previously received services directly from ILS, via its covered entity subsidiaries: Florida Community Care LLC and/or HPMP of Florida Inc (dba Florida Complete Care), or from other data owner clients/health plans.
ILS said it added a preliminary notice to its website on September 2, 2022, but was not able to send notification letters until the review and validation process had been completed. Notification letters started to be mailed to affected individuals on March 14, 2023. ILS stated in its attorney general notifications in Maine and California that affected individuals have been offered complimentary credit monitoring services, although these services are not being universally offered.
ILS said it has been working on implementing additional safeguards to prevent further cyberattacks, including fortifying its firewall, updating complexity requirements for credentials, implementing additional internal security procedures, updating its employee training protocols, and providing additional training to its workforce.
