Enterprise IT provider Serviceaide has confirmed a data breach affecting the personal and medical information of more than 483,000 individuals tied to Catholic Health, a nonprofit healthcare system based in New York.
In a notice to the Department of Health and Human Services (HHS), the California-based software firm said the breach stemmed from an Elasticsearch database that was inadvertently left publicly accessible between September 19 and November 5, 2024. The exposed database was being maintained on behalf of Catholic Health, a long-standing Serviceaide client.
Sensitive Health and Identity Data Potentially Exposed
While Serviceaide said it has found no definitive evidence that the data was accessed or exfiltrated, it cannot completely rule out the possibility of misuse. The exposed records included highly sensitive personal and medical information, which varied by individual. According to a notice posted on the company’s website, this could include:
- Full names
- Social Security numbers
- Dates of birth
- Medical record and patient account numbers
- Prescription and treatment details
- Clinical and health insurance information
- Healthcare provider data
- Email addresses, usernames, and passwords
This breach underscores the growing risks tied to misconfigured cloud infrastructure and the importance of access controls, especially in healthcare settings where data sensitivity is paramount.
Credit Monitoring Offered as Fallout Spreads
Serviceaide says it is notifying affected individuals and is offering 12 months of complimentary credit monitoring and identity theft protection services. The company has also pledged to strengthen its data security protocols and has been working closely with HHS and Catholic Health to assess the full impact.
The breach, now listed on HHS’s public breach portal, is one of the more substantial healthcare incidents reported in recent months—but by no means an outlier. Healthcare data breaches frequently impact hundreds of thousands of individuals, and in some cases, the numbers climb into the millions.
As health systems grow increasingly reliant on third-party IT and cloud vendors, incidents like this highlight the need for proactive data governance and stronger breach detection mechanisms across the healthcare supply chain.
