The magnitude of the data breach is significant, as it has potentially compromised the personal information of 286,699 individuals.
Credit Control Corporation (CCC), a debt collection services company, recently fell victim to a cyber attack leading to a data breach that compromised the personal data of numerous healthcare institutions.
The breach, which occurred between March 2nd and March 7th, resulted in the theft of sensitive information, including names, addresses, Social Security numbers, and account details.
This article will provide an overview of the incident, the affected parties, and the steps taken by CCC to mitigate the impact on its clients.
According to CCC’s data breach notice, on March 7th, 2023, the company detected unusual activity within its network, prompting the company to initiate an immediate investigation. It was soon revealed that threat actors had gained unauthorized access to specific systems and copied various files containing confidential client data. The company swiftly isolated its compromised systems and commenced an extensive investigation to assess the full extent of the data breach.
The fallout from this breach primarily affects healthcare institutions that relied on CCC’s debt collection services including the following:
- VCU Health System
- UVA Health System
- Valley Health System
- Sentara Health System
- Riverside Health System
- Bayview Physicians Group
- Mary Washington Healthcare
- Pariser Dermatology Specialists, Inc.
- Chesapeake Regional Medical Center
- Tidewater Physicians Multispecialty Group
- Dominion Pathology Laboratories, Chesapeake Radiology
- Children’s Hospital of the King’s Daughters Health System and its Affiliates
The magnitude of the data breach is significant, as it has potentially compromised the personal information of 286,699 individuals. Out of these, 20 residents of Maine were specifically identified. This was revealed in a breach notification notice published by the Office of the Maine Attorney General.
The stolen data varied by individual, but it included personally identifiable information such as names, addresses, and Social Security numbers. Additionally, threat actors acquired data related to individuals’ accounts with CCC’s business partners, including account numbers, balances, and dates of service. The compromised data leaves affected individuals vulnerable to identity theft and potentially fraudulent activities.
Upon discovering the data breach, CCC promptly reported the incident to federal law enforcement agencies and has been cooperating fully with their investigation. In an effort to mitigate the potential harm to affected individuals, CCC has offered free credit monitoring and identity theft protection services for a year.
The company urges affected individuals to remain vigilant, review their account statements and explanation of benefits forms, monitor free credit reports for suspicious activities, and promptly report any detected errors or fraudulent incidents.