An all-too-common type of data security mistake – a misconfigured IT setting – has landed a Puerto Rico-based clearinghouse and cloud software services provider at the top of federal regulators’ list of largest health data breaches so far this year, in an incident impacting nearly 1.6 million individuals.
The agency says threat actors are targeting organizations' IT help desks with phone calls from a local area code claiming to be revenue cycle or administrator employees. After gaining access, they divert legitimate payments.