As many as 1.6 million individuals in Puerto Rico may have their health information exposed because of a snafu by an information technology vendor. Inmediata Health Group operates a database that captures current cyber threats and assesses, remediates and monitors risks to critical business systems and data. In January, Inmediata became aware that protected data was viewable online because a web page setting permitted search engines to index internal webpages used for business operations.
The agency says threat actors are targeting organizations' IT help desks with phone calls from a local area code claiming to be revenue cycle or administrator employees. After gaining access, they divert legitimate payments.
