Filtered By: Topstories
News

Maxicare reports data breach — National Privacy Commission


Maxicare reports data breach — National Privacy Commission

Healthcare insurance provider Maxicare Healthcare Corporation has reported a data breach over the weekend, the National Privacy Commission (NPC)  confirmed on Tuesday. 

“The NPC has received a data breach notification report from Maxicare Healthcare Corporation through the NPC’s Data Breach Notification Management System on June 16, 2024 at 12:09 p.m.,” the NPC said in a brief statement. 

The NPC has yet to provide further information on how the breach happened. 

In a social media post, Maxicare said the "alleged unauthorized access" to its data affected around 13,000 members representing less than 1% of its members.  The affected members utilized the booking platform of its third-party homecare provider, Lab@Home.

"Compromised information may include those used for booking requests, but no sensitive medical information was exposed," it said.

"At this point, what we can confirm is that the business operations, network, and customer data of Maxicare have not been impacted in any way. Lab@Home maintains a separate database for booking requests, which is not integrated with Maxicare systems," it added.

Maxicare said that despite ongoing efforts to verify the veracity of the alleged security incident, it has implemented emergency measures to ensure the privacy and safety of its "possibly affected members."

Meanwhile, cybersecurity advocacy organization Deep Web Konek said in a blog post that the breach was carried out by a threat actor that compromised a file size of 33.3 MB that contains 22,800 lines of sensitive information “and is reportedly being sold to the first three buyers.” 

In a screenshot posted in the blog post, Maxicare sent an email to its members regarding the data breach: “Maxicare Healthcare Corporation was informed that an unauthorized person/s may have gained access to the personal information of our members submitted to Lab@Home. Lab@Home is a third-party provider that can be used by Maxicare members to get laboratory requests from home.” 

Among the compromised sensitive information include sender details, member details, and member booking details, the group said. 

The data breach also allegedly affected several companies, the Deep Web Konek said.—Vince Ferreras/LDF, GMA Integrated News