CareSource Data Breach Exposes 3.2 Million To Identity Theft Featured

Cl0p ransomware gang has leaked private patient data allegedly belonging to CareSource, one of the US’ largest Medicaid-managed healthcare plan providers.

A lawsuit was recently filed against an Ohio-based health care provider CareSource alleging it failed to adequately screen its vendors and allowed private information to be stored unencrypted, in so doing, leaving it vulnerable to a data breach.

What Happened?

On July 27, 2023, CareSource notified the U.S. Department of Health and Human Services Office for Civil Rights of a data breach involving the company’s use of the MOVEit file transfer application. In this notice, CareSource explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information.

The Russia-linked ransomware gang, CIOp, then leaked a 40GB dataset that allegedly belongs to CareSource.

Negligence Led To Data Breach

The lawsuit alleges CareSource failed to adequately protect sensitive data and screen its vendors. The hacked vendor allegedly stored private health data in unencrypted form despite the sensitivity of such information and a federal requirement that it do so.

What Information Was Stolen?

Information obtained from the hackers may include –

  • Names
  • Addresses
  • Social Security numbers
  • Dates of birth
  • Gender
  • Medical conditions
  • Diagnoses
  • Medications
  • Allergies
  • Health conditions
  • Member ID and plan name

As a result of the CareSource data breach, over 3.2 million affected individuals are at a substantial and imminent risk of identity theft, fraud, loss of confidentiality and will be forced to constantly monitor their accounts for signs of fraudulent activity for the foreseeable future.

What Is CareSource Doing About This?

CareSource is continuing to work with law enforcement and has begun the process of mailing out Notice Letters to affected individuals. CareSource members will have access to credit and identity monitoring for two years, including fraud consultation and identity theft restoration.

Receive A Notice Letter? Know Your Legal Rights.

If you receive a letter notifying you that your personal information may be at risk it is important that you act promptly to secure your identity. It is also important that you understand your legal rights and any compensation you are entitled to in order to protect against the lifetime threat of identity theft and fraud.

To understand your legal rights, please complete the below form and a lawyer will contact you. There is not cost and no obligation.

Case Status: Open – Not Accepting New Clients


Leave a Reply

Your email address will not be published. Required fields are marked *