Christie Clinic, a large healthcare provider in Illinois, has suffered the worst data breach reported in 2022 so far. After detecting suspicious activity from an employee's business account, the company began an investigation before confirming in January that a threat actor had accessed the e-mail account during a month-long period in Summer 2021.
At the end of March, the company posted a notice on its website describing the event.
"The investigation indicated that the purpose of the unauthorized access was to intercept a business transaction between Christie Clinic and a third party vendor," they wrote. "This investigation was unable to determine to what extent email messages in the account were actually viewed or accessed by an unauthorized actor."
While the provider admits to not knowing the extent of the breach, it has been estimated to affect about 500,000 residents of Illinois.