This comes after Humana’s rivals, UnitedHealth’s Optum unit reported such a huge breach, exposing the sensitive information of more than 5.4 million people. The breach stemmed from an internal chatbot that employees used to inquire about claims, which was inadvertently left accessible on the internet. This event is now one of the largest healthcare breaches of 2023.
A quick glance at the timeline of the breach reveals that a criminal had unauthorized access to that data for a full week. This encroachment culminated on February 6. A hacker was able to intrude into the internal systems of Episource, a healthcare data management company. During this breach, they accessed and downloaded sensitive patient and member information. That breach—first reported by Episource on Friday—has brought national focus on the ongoing security vulnerabilities regarding health data.
Zack Whittaker, security editor at TechCrunch, echoed this concerning trend as massive breaches continue to plague the healthcare industry. Only months earlier, Change Healthcare had been rocked by a crippling cyberattack launched by a ransomware syndicate in February 2024. That one incident resulted in the theft of personal and health information from more than half of Americans—over 190 million people. It is the largest healthcare data breach in U.S. history.
With its practice of processing billions of health transactions every year, Change Healthcare would be an attractive target for cybercriminals. These breaches have monumental consequences. Not only do they compromise patient privacy, these actions erode and undermine public trust in our healthcare organizations.
These recent occurrences serve as a stark reminder of just how crucial it is for healthcare systems to prioritize and implement strong cybersecurity practices. That’s why experts recommend organizations make safeguarding their internal communication tools and sensitive data a priority to protect themselves from unforeseen threats.
