California-based respiratory care provider SuperCare Health disclosed a data breach affecting more than 300,000 individuals.

The data security incident was discovered on July 27, 2021 when SuperCare noticed unauthorized activity on some systems. Later, an investigation revealed that a cyberattacker had access to certain systems and information that contained patient information, including name, address, date of birth, hospital or medical group, medical record number, patient account number, health-related information and claim information. In some cases, social security numbers and driver's license numbers were also affected.

SuperCare retained independent cybersecurity experts to conduct a forensic investigation into the incident and assist in determining what happened. At this time, the company says there's no reason to believe that any of the data has been published, shared or misused. However, SuperCare has reported the incident to the Federal Bureau of Investigation and will cooperate to help identify and prosecute those responsible for the data breach.

The respiratory care provider says they've implemented additional security measures to protect the organization and minimize the likelihood of future incidents. 

Purandar Das, CEO and CO-founder at Sotero, says the data breach points to two challenges that affect most organizations. The first is limited to securing sensitive data in critical operational systems. "While this makes sense from a prioritization perspective, it also highlights the lack of a comprehensive data security approach."

The second challenge is fallout from not adopting a holistic approach, Das says. "Often, the same data is secure in a single operational environment is often stored unsecured or in less secure environments. Hackers are aware of this and will often target less secure non-operational systems. A comprehensive data governance program in place helps identify data loss quicker," Das adds.