Gryphon Healthcare, an American healthcare management company, recently experienced a supply-chain cyber attack that led to the theft of sensitive data affecting nearly 400,000 patients. The cyber attack occurred before August 13, 2024, and impacted one of Gryphon’s partners, which the company did not name. This attack allowed unauthorized access to personal and protected health information that Gryphon handled.
In a breach notification filed with the Office of the Maine Attorney General, Gryphon disclosed the information that were stolen. This included names, dates of birth, Social Security numbers, health insurance details, medical records, and other sensitive information. Gryphon stated that there has been no evidence of the data being misused so far. Furthermore, no group has claimed responsibility for the attack.
Healthcare organizations are frequent targets of cyber attacks due to the sensitive nature of the data they handle. The attackers often threaten to release stolen patient information unless they receive payment, which can lead to significant financial losses, damage to reputations, and legal repercussions. Law firms like Abington Cole and Ellery have already begun exploring potential class-action lawsuits for victims of this data breach.
