CareTree Breach

CareTree is a software company developing solutions for care management and patient advocacy programs. Their software allows families and doctors to share information intuitively. CareTree is in Chicago—with the region’s recent healthcare breach rash, this leak could turn hundreds more into victims.

What Was the Breach?

• Full Name
• Date of Birth
• Residential Address
• Driver’s License Number
• Social Security Number
• Financial Account Information
• Health Insurance Details
• Medical Record Numbers

How Did the Breach Occur?

An unauthorized party gained access to CareTree’s systems, but how this was made possible is unclear. It was likely a remote network attack, utilizing vulnerabilities or injections. The event may have been part of a more significant ransomware assault, but it is challenging to determine without additional information.

When Did This Breach Occur?

CareTree’s investigations allege the attack happened on or around July 21st, 2023. Employees presumably noticed suspicious activity around a month later, on August 16th. Mediation and reviews began and concluded around October 13th. Since then, CareTree has worked to notify individuals and authorities.

Who Does the Breach Impact?

Those who may have had information exposed in this breach may be any CareTree associate; they could be patients, staff or employees, or vendors and provider contacts. At this time, any CareTree associate may have had their information exposed. By the time the investigations are complete, the criminals may have misused the data.

How Many Files Does the Breach Affect?

There is no estimated figure because the attackers reportedly removed the data from CareTree’s access. Until they can obtain the data from a backup server or resource, their investigation will continue; patients and employees can protect themselves regardless.