CPAP Medical Supplies and Services Inc. suffered a cybersecurity breach in December 2024 when an unauthorized actor accessed their network, compromising sensitive data including full names, birth dates, Social Security numbers, health insurance information, medical history, and treatment plans. The affected records primarily belong to US military members, veterans, and their families who rely on CPAP’s specialized apnea equipment. The breach was not discovered until six months later in June 2025, delaying response efforts and increasing risk exposure.
The incident highlights ongoing vulnerabilities in healthcare cybersecurity, as attackers frequently target organizations holding sensitive personal health information for potential identity theft, fraud, or blackmail. Despite CPAP’s offer of credit monitoring and identity theft protection services, there remains a risk of misuse which could impact personal security, veterans’ benefits eligibility, future employment opportunities, and trust in healthcare providers.
Affected individuals are advised to follow specific protective measures such as changing passwords, enabling two-factor authentication with FIDO2-compliant devices, remaining vigilant against phishing attacks, and considering identity monitoring services. This breach underscores the importance of robust cybersecurity practices within healthcare and specialized providers serving sensitive populations like the military community.
👉 Pročitaj original: Malware Bytes
