VITAS Healthcare Breach Exposes 319K Patient Records

We may earn from vendors via affiliate links or sponsorships. This might affect product placement on our site, but not the content of our reviews. See our Terms of Use for details.

VITAS Healthcare, America’s largest for-profit hospice chain, just disclosed a cybersecurity disaster.

Hackers maintained undetected access to patient systems for over a month, methodically downloading the personal and medical information of 319,177 vulnerable patients across 15 states.

The breach timeline reveals a calculated attack that exploited healthcare’s most critical vulnerability. Cybercriminals gained access through a compromised third-party vendor account on Sep. 21, then operated freely within VITAS systems until Oct. 27 – a staggering 36 days of uninterrupted access before detection triggered security alerts. It was on Dec. 8, when the US Department of Health and Human Services’ (HHS) healthcare data breach tracker revealed the number of people affected.

What makes this incident ...