cybersecurity

Maxicare data breached in attack on third-party provider

Victor Barreiro Jr.

This is AI generated summarization, which may have errors. For context, always refer to the full article.

Maxicare data breached in attack on third-party provider
(1st UPDATE) Maxicare institutes emergency measures and starts an investigation together with data security professionals and an industry-leading cybersecurity firm to probe the veracity or extent of the data breach reports

MANILA, Philippines – The National Privacy Commission (NPC) confirmed on Tuesday, June 18, it received a data breach notification report “from Maxicare Healthcare Corporation through the NPC’s Data Breach Notification Management System” on Sunday, June 16.

Details of Maxicare’s breach notification were not published by the NPC.

However, cybersecurity enthusiast group Deep Web Konek posted on a blog post on June 18, an alleged screenshot of an email from Maxicare dated June 16, informing a member that an unauthorized actor had been able to access their member data on June 13, via a breach on the systems of a third-party partner known as Lab@Home.

The blog post also shared a screenshot from what appears to be an online forum post showing a user selling alleged Maxicare data totaling 33.3 MB, with the threat actor identifying itself as OPCODE-90.

Deep Web Konek also claimed that breached data includes complete names, Maxicare card numbers, addresses, and requested procedures.

Maxicare responds

In a Facebook post on Tuesday evening, Maxicare called the incident an “alleged unauthorized access to the personal information of approximately 13,000 members, representing less than 1% of our member population” who were using the booking platform of its third-party homecare provider Lab@Home. Maxicare said that while potentially compromised information may include information made for booking requests, it stressed “no sensitive medical information” was exposed.

Maxicare said Lab@Home had a separate database for booking requests which was not integrated into Maxicare’s system, meaning the business operations, customer data, and network data of Maxicare were not impacted. The company has also instituted emergency measures and began an investigation together with data security professionals and an industry-leading cybersecurity firm to probe the veracity or extent of the data breach reports.

Maxicare members and account holders who may wish to contact the group regarding data privacy concerns can email its data protection officer at dpo@maxicare.com.ph.

– Rappler.com

Add a comment

Sort by

There are no comments yet. Add your comment to start the conversation.

Summarize this article with AI

How does this make you feel?

Loading
Download the Rappler App!
Person, Human, Sleeve

author

Victor Barreiro Jr.

Victor Barreiro Jr is part of Rappler's Central Desk. An avid patron of role-playing games and science fiction and fantasy shows, he also yearns to do good in the world, and hopes his work with Rappler helps to increase the good that's out there.