In March, Super Care, Inc. dba SuperCare Health, notified the California Attorney General’s Office of a breach. The home respiratory care provider’s notification explained that on July 27, 2021, they had discovered unauthorized activity in their system — activity that they subsequently learned began on July 23.
In a notification to 318,379 patients sent on March 25, SuperCare made a point of noting, “As of the date of this letter, we have no reason to believe your information was published, shared, or misused as a result of this incident.”
But was it stolen?
According to their website notice, that information included patients’ name, address, date of birth, hospital or medical group, patient account number, medical record number, health insurance information, testing/diagnostic/treatment information, other health-related information, and claim information.
The notification does not indicate whether this was a ransomware incident or not or how the attacker(s) gained access.
DataBreaches.net sent an inquiry to the California-based provider to ask whether this was a ransomware incident, whether there was any ransom demand, whether any files were encrypted, and whether any files were exfiltrated. No reply was immediately available, so this post will be updated when a reply is received.