DataHEALTH, Inc. Begins Notification of Cybersecurity Incident

DataHEALTH, Inc. (“DataHEALTH”), a cloud hosting, cloud backup, data storage and recovery service provider for the health care industry that provides services to health care providers throughout the country, today announced that it experienced a criminal ransomware attack on some of its servers that contain health care providers’ information. DataHEALTH is providing this notice on behalf of impacted health care providers.

Upon learning of the incident on November 3, 2021, DataHEALTH immediately took measures to contain the threat, launched an investigation, and third-party cybersecurity forensic experts were engaged. DataHEALTH also notified federal law enforcement. The investigation determined that DataHEALTH was the target of a criminal ransomware attack on its cloud hosting services. DataHEALTH cloud backup customers were not impacted.

As a result of the investigation, DataHEALTH learned that the unauthorized party accessed and acquired files containing patient data from a limited number of DataHEALTH’s servers. The threat actor appears to have been able to gain access by using compromised credentials for third-party software that some DataHEALTH health care provider customers utilize. Currently, DataHEALTH has not found evidence that any DataHEALTH-specific accounts or credentials were compromised, nor has it found evidence that any of DataHEALTH’s encrypted databases were accessed.

While the investigation is still ongoing, due to the nature of the attack and the information involved, DataHEALTH has not been able to rule out potential access to certain health care providers’ patient information if it was not in DataHEALTH’s encrypted databases. DataHEALTH’s investigation determined that any customers who receive cloud backup services were not impacted by the ransomware incident. Only certain health care providers that receive DataHEALTH hosting services were actually or potentially impacted. 

On December 15, 2021, DataHEALTH began notifying health care providers whose data files were on the threat actor’s list of exfiltrated files based upon searches performed for those files on DataHEALTH servers. On January 20, 2022, DataHEALTH began notifying impacted individuals. Because DataHEALTH has not been able to rule out potential access in all instances, DataHEALTH sent additional notification to potentially impacted health care providers on January 11, 2022 and is engaging with those providers to identify additional individuals who may need to be provided notification.

At this time, DataHEALTH has no reason to believe the compromised data was used inappropriately by the unauthorized party and has not received any reports of identity theft associated with this incident. Impacted individuals are being notified directly via U.S. mail either by DataHEALTH or by its customers, at their discretion.

DataHEALTH has implemented additional security protocols and continues to evaluate further steps that may be taken. In addition, DataHEALTH is continuing to support federal law enforcement’s investigation.

In an abundance of caution, DataHEALTH has taken steps to ensure that any impacted individuals receive complimentary credit monitoring and identity protection services. For more information, questions may be directed to (855) 618-3165, Monday through Friday, between 8:00 a.m. and 5:30 p.m. Central Time.


Leave a Reply

Your email address will not be published. Required fields are marked *