A severe security breach at Virginia-based debt collection agency Credit Control Corporation (CCC) may have exposed the personal information of thousands of patients across several hospitals, health systems, and healthcare practices in the state. The breach impacts debt collection accounts for local hospitals and doctors’ offices, potentially affecting multiple institutions, including prominent ones such as Sentara Health System, Riverside Health System, and Children’s Hospital of the King’s Daughters Health System.
On March 7th, CCC detected unusual activity on its systems, prompting an immediate investigation. The probe revealed that a cyber-attack had occurred between March 2nd and March 7th, during which certain files were copied from the company’s network. The compromised files contained sensitive information, including names, addresses, Social Security numbers, and other account-related details.
The breach is part of a rising trend in cybersecurity incidents within the healthcare industry. Scott Gibson, the Cybersecurity Program Director for ECPI, notes that the sector has seen a surge of 17 to 34% in breaches within the U.S. over the past year. “There’s multiple ways it can actually happen. Most of the time, it’s usually older systems and/or user error just for lack of IT training,” said Gibson.
Business owners, particularly those within the healthcare sector, are advised to review and strengthen their cybersecurity measures, ensuring that systems are up to date and staff are adequately trained to handle potential cyber threats. Gibson suggested that consumers can set up preventative measures with their credit card carriers and banks to safeguard against such breaches.
CCC began notifying its business partners about the breach on May 4th, working closely with them to inform individuals whose data may have been compromised. The number of individuals affected by the breach has not been disclosed, highlighting the potentially extensive impact of this incident.
Credit Control Corp has set up an assistance line at 866-347-3197, available Monday through Friday from 9:00 a.m. ET to 6:30 p.m. for those who may need support or have concerns about their information.
This incident underscores the persistent and escalating threats to information security, particularly within the healthcare industry. It is a stark reminder for businesses and individuals alike to remain vigilant and proactive in protecting sensitive data.
