Summit Pathology, a medical diagnostic laboratory based in Colorado, disclosed a major data breach impacting 1,813,538 Americans.
The incident, detected on April 18, 2024, involved unauthorized access to Summit Pathology's network, exposing sensitive patient data, including personal identification, medical records, billing, and insurance information. The company has since bolstered its security protocols and is offering free identity protection services to all affected individuals.
Summit Pathology identified the breach when unusual activity was detected within their digital infrastructure. Working with third-party forensic experts, the company confirmed that unauthorized actors had potentially accessed and exfiltrated files from affected systems. Law enforcement was informed promptly, though the investigation did not impede Summit Pathology's notification timeline.
The breach exposed a comprehensive range of patient information, including:
- Demographic details: names, addresses, and dates of birth
- Medical records: diagnoses and other medical information
- Financial data: Social Security numbers, medical billing, and insurance details
Given the type of data involved, there is a heightened risk of identity theft or fraud.
Summit Pathology operates as a prominent diagnostic lab offering specialized pathology services primarily in Colorado and neighboring states. Their operations support thousands of medical institutions and healthcare providers, serving a patient base that relies on them for timely and accurate diagnostics in various medical specialties. The scale of this breach, affecting over 1.8 million patients, underscores the potential impact that cybersecurity incidents can have on healthcare systems.
The organization also now faces legal action for delaying the notices to impacted individuals, having only started distributing them last week. The delay has allowed threat actors ample time and opportunity to contact affected patients and use the sensitive details to scam them.
Mitigating the risks
To support those impacted, Summit Pathology has enlisted IDX, a data breach response and identity protection service provider. Affected individuals are encouraged to enroll in the free protection services offered until the set deadline of January 18, 2025.
Additionally, Summit has recommended the following steps to secure personal information:
- Contact one of the three major credit bureaus (Equifax, Experian, or TransUnion) to add a fraud alert to your credit profile.
- Order free annual credit reports from each bureau via annualcreditreport.com to monitor any unusual activity.
- Place a security freeze on credit to further restrict access to credit files.