Cyber Incident Victim: Urgent Team Holdings

Date: Nov 2021

Location: United States of America

Summary

Urgent Team Holdings experienced a cyberattack compromising its network, potentially exposing protected health information of approximately 166,600 patients across multiple states, including full names, dates of birth, and medical record numbers; while unauthorized access was confirmed, no evidence of data exfiltration or subsequent misuse was identified. A related incident involving unauthorized access to employee email accounts at an affiliated entity exposed additional patient data such as medical treatment details and health insurance information for over 23,000 individuals, prompting the implementation of enhanced security measures including multi-factor authentication and advanced antivirus monitoring across affected systems.

Description

Urgent Team Holdings, operating over 70 urgent care centers across five states, identified unauthorized access to its network between November 12 and November 18, 2021. The organization engaged third-party cybersecurity experts to investigate the incident, which revealed potential exfiltration of files containing protected health information. A comprehensive review concluded on January 31, 2022, confirmed the compromised data included patients' full names, dates of birth, and medical record numbers, affecting 166,601 individuals. While evidence confirmed data theft occurred, investigators found no proof that exfiltrated information was actually removed from company systems or subsequently misused. In response, Urgent Team implemented multi-factor authentication across its systems and deployed additional security layers to restrict unauthorized access attempts. The organization also adopted a new antivirus solution configured to generate alerts for suspicious system access patterns. Notification letters were dispatched to affected patients following completion of the forensic review, though no identity protection services were mentioned as being offered to this group. The breach was reported to the HHS Office for Civil Rights in accordance with federal requirements.

A separate but similarly timed incident affected The Guidance Center, Inc., where unauthorized individuals accessed several employee email accounts for a limited duration. Upon detection, the organization immediately secured the compromised accounts and initiated an investigation with assistance from cybersecurity consultants. Analysis determined the breached email accounts contained protected health information, with exposed data elements varying by individual but potentially including patient names combined with medical treatment details, diagnosis information, health insurance data, or patient record numbers. The incident impacted 23,104 individuals, whom the organization notified, offering complimentary identity protection and credit monitoring services where the types of sensitive information exposed warranted it. Following its investigation, The Guidance Center implemented additional security measures to prevent recurrence and similarly reported the breach to federal regulators. Both organizations maintained there was no evidence of actual misuse of patient data following their respective security incidents.
