Cyber Incident Victim: Salusive Health
Date:
Mar 2022
Location:
United States of America
Summary
Salusive Health, operating as myNurse, experienced a data security incident involving unauthorized system access, prompting immediate containment and restoration efforts. The breach potentially exposed patient demographic, clinical, and financial information, including one individual's Social Security number, though no evidence of data misuse was found. Concurrently, the organization announced permanent closure of clinical operations, emphasizing this decision was unrelated to the incident. Impacted individuals were advised to review account statements and consider credit freezes while the company implemented enhanced security measures to prevent future events. Patients retained monitoring devices provided by the service, with encouragement to continue health management independently.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 3 motives | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Salusive Health, operating as myNurse, detected suspicious activity within its systems on March 7, 2022. Subsequent investigation revealed unauthorized access to its network commencing on March 3, 2022. The organization initiated immediate containment and restoration procedures to secure affected systems. On April 29, 2022, Salusive Health publicly disclosed the incident through a website notification and correspondence submitted to the California Attorney General's Office. The breach potentially exposed patient demographic data, clinical information, and financial details, with one individual's Social Security number compromised. Company representatives emphasized no evidence of data misuse or dissemination at the time of disclosure.
Concurrently with breach notifications, Salusive Health announced permanent cessation of clinical operations effective May 31, 2022, explicitly stating this decision was unrelated to the security incident. The closure notification appeared within the breach disclosure letter addressed to California authorities. Affected individuals received recommendations to monitor account statements and consider credit freezes. The organization implemented enhanced security measures to prevent recurrence while allowing patients to retain previously distributed health monitoring devices such as blood pressure cuffs and scales. Clinical care relationships with medical professionals remained unaffected according to the notice, which concluded with well-wishes for patients' continued health management.