Hacked U.S. healthcare provider’s data archive involved over 900,000 people

Securing archived sensitive data from a data breach is just as important as protecting transactional information, experts say.

The latest example of this is an American medical services provider, Transformative Healthcare, that had to notify just over 911,000 people at the end of December that some of their personal information it had archived from a now-defunct division, Fallon Ambulance Services, was copied by a hacker.

Transformative Healthcare bought Fallon, which operated in Massachusetts, in 2018, but closed the company in 2022. For legal reasons, the parent company has to keep an archived copy of Fallon’s records on its computer systems.

However, as detailed in a regulatory filing with Maine’s attorney general’s office, last April suspicious activity was detected in the Fallon archive. On investigation, it was realized a hacker accessed the data in February. It took the company seven months to determine how many people may have been affected by the compromise.

Data copied could have included people’s names, addresses, Social Security numbers, medical information, including COVID-19 testing or vaccination information, and information provided to Fallon in connection with employment or application for employment.

Attackers may go after an organization’s data archives deliberately, or because they can’t get into production data. Regardless, researchers at Proofpoint argue in a blog, “attackers know that archives have a wealth of information on organization intellectual property, internal messages, and financial data. These data archives are a target for attackers who gain access to high-privilege network accounts or exploit vulnerabilities that give them access to archive data.”