Pennsylvania-based company Keystone Health discovered a data breach in August that potentially impacted the protected health information (PHI) of over 235,000 individuals. Keystone Health issued an official statement on October 17th notifying its customers about the data breach and instructing them regarding which steps they should follow if their information was accessed.
Explaining the Incident
According to Health IT Security, Keystone identified an incident that temporarily disrupted their computer systems and found out that an unauthorized party accessed files within their systems between July 28, 2022, and August 19, 2022.
The threat actors gained access to company files, which include information such as patient names, Social Security numbers, and clinical information.
While we have a robust information security system in place, unfortunately, no system is perfect, and we recently identified and addressed a cybersecurity incident.
The company will take the appropriate measures to uncover who was behind the attack. The incident was reported to law enforcement and Keystone Health is currently working with a third-party cybersecurity firm to determine exactly what happened.
Keystone is mailing letters to the affected patients and is offering credit monitoring services to those who are eligible. The company is advising customers who believe that they might be affected by the breach but did not receive a letter by November 14, 2022, to contact their toll-free dedicated external call center at (855) 532-1263, Monday through Friday, 9:00 a.m. to 6:30 p.m., Eastern Standard Time, excluding major U.S. holidays.
We value the trust our community places in Keystone Health, and we deeply regret any concern this may cause our patients and their families. To help prevent something like this from happening again, we are implementing new network security measures and providing additional training to our employees.
Cristian is a Content Editor & Creator at Heimdal®, where he developed a deep understanding of the digital threat landscape. His style resonates with both technical and non-technical readers, proof being in his skill of communicating cybersecurity norms effectively, in an easy-to-understand manner.