Did you know that in 2024, over 160 million people had their healthcare data compromised? This is primarily attributed to either IT incidents or hacking.
The Excelsior data breach, which occurred in June 2024, affected patients' information. The risks of the breach include exposure to phishing scams, identity theft, and blackmail.
Healthcare data breaches are on the rise. In fact, over 130 million healthcare records were exposed in 2023. One massive data breach in 2024 happened to Excelsior Orthopaedics, affecting over 350,000 people.
Details of the Breach
In June 2024, Excelsior detected unauthorized activity on its network. The culprit was the Monti Group, a cybercrime group.
The breach was considered a ransomware attack, compromising the sensitive personal information of both Excelsior employees and patients.
The types of compromised data included:
- Full Names
- Addresses
- Social Security numbers
- Diagnoses
- Health insurance information
- Treatment details, and
- Biometric information
After discovering the breach, Excelsior had help from third-party cyber security firms to investigate the attack and secure its systems. Three months after discovering the breach, Excelsior started notifying the affected people, with more notifications sent out in December 2024.
Additionally, Excelsior offered twelve months of free fraud assistance and credit monitoring to affected individuals.
Even so, people are still at risk as long as their information is in the hands of hackers and exposed online.
The Risks of Exposed Healthcare Data
If your healthcare data is ever compromised, you face several risks.
Risk No. 1: Phishing Scam
Scammers can use your healthcare data for phishing.
They can leverage your compromised information to create highly convincing messages.
They usually mimic the format and style of messages from your insurance company and healthcare provider. They even impersonate government healthcare organizations. Their goal is to trick you into making payments or providing more sensitive information.
In other cases, scammers spoof caller IDs. So, when they call, it appears as if the call is coming from your trusted medical provider, doctor’s office, or insurance company. This makes it more likely that you will pick up the call, which can eventually lead to financial and data theft.
Risk No. 2: Identity Theft
Fraudsters can also use your healthcare data for various identity theft schemes.
One is prescription fraud. They can create fake prescriptions under your name or tamper with original prescriptions to get medication or increase the quantity of what’s prescribed. For example, they may change a prescription for allergy medication to one for a controlled substance like oxycodone. Fraudsters do this either to satisfy their addiction or to make money by supplying others.
Another is insurance fraud. If scammers get a hold of your healthcare data, they can use it to file false insurance claims under your name. This can lead to increased premiums and eventually financial loss.
What makes these schemes more concerning is that they can lead to substantial consequences apart from financial loss. For instance, you could miss out on the proper healthcare you should be getting. If scammers end up changing your medical records, your doctor could be misled into making incorrect treatment decisions. These can result in more severe health issues.
Additionally, you could be denied insurance coverage if providers discover inconsistencies in your claims. They may take steps that will affect your eligibility for future coverage, leading to higher out-of-pocket costs.
Risk No. 3: Blackmail
Scammers can also use your healthcare data to blackmail you, exploiting the sensitivity and stigma surrounding some health conditions.
How it Works:
- First is Data Gathering. Scammers will buy your healthcare data on the dark web. They’ll look for your diagnoses, whether you have mental health issues, STDs, or other chronic illnesses. They’ll also find out about your treatments, the medication you’re taking, and even your therapy records.
- Next is the Threat of Exposure. Scammers will contact their targets. They’ll threaten to share your sensitive healthcare information with your employers, family members, and even in public forums or social media. This threat works primarily because of the fear of reputational damage and embarrassment.
- Next is the Request for Payment. Scammers will say that your sensitive healthcare data is safe as long as you pay through unsecured methods like gift cards and cryptocurrencies.
Ways to Protect Yourself
While it’s nearly impossible for you to remove your information from the dark web, there are still ways you can protect yourself.
- Financial Monitoring. After a data breach, make sure to review your bank, insurance, and credit card statements for unauthorized transactions. It’s also ideal to freeze your credit and set up fraud alerts to prevent scammers from using your identity for their schemes, like opening credit accounts.
- Alert Authorities. Ensure that you notify your medical and health insurance providers so they can flag or prevent unauthorized activities like false insurance claims and prescriptions.
- Protect Your Online Accounts. A healthcare data breach can also put your online accounts, like patient portals and insurance websites, at risk. To protect your online accounts, you have to change your passwords before cybercriminals can access them. And for added layers of security, you should enable two-factor authentication.
- File an Identity Theft Report. You can visit identitytheft.gov to file a report. They can provide you with a recovery plan and help you track your progress.
- Medical Monitoring. Make sure to check your insurance Explanation of Benefits for suspicious services or claims. Also, check your medical records to see whether any changes have been made.
Conclusion
Overall, the Excelsior data breach is a serious attack that poses significant risks to patients.
And the thing is, Excelsior is just one of the many healthcare organizations that experience data breaches.
Remember: To protect yourself, you should monitor your financial and medical accounts, change your passwords, enable 2FA, and file an identity theft report.
Frequently Asked Questions
What are the largest healthcare data breaches of 2024?
According to the HIPAA Journal, the largest healthcare data breaches in 2024 happened to Change Healthcare, Kaiser Foundation, HealthEquity, Concentra Health Services, Centers for Medicare & Medicaid, Acadian Ambulance, and Integris Health.
How can data breaches in the healthcare industry be prevented?
There are various ways healthcare organizations can prevent data breaches, including: 1) conducting yearly security analysis, 2) choosing credible partners for services like medical billing, 3) limiting access to patient information, 4) continuously monitoring devices, 5) regularly updating IT infrastructure, and 6) providing security training for employees.