medQ reports data encryption incident and data breach

medQ, Inc., a healthcare software company headquartered in Plano, Texas, reports a data breach caused by hackers infiltrating and encrypting a software platform utilized by medQ.  The attack ocurred between December 20, 2023, and December 26, 2023.

The discovery of the breach prompted medQ to shut down its network connections and perform an investigation. By February 16, 2024, the company had reviewed the compromised files, identifying the affected consumers and the nature of data accessed. The attack compromised sensitive consumer information including:

• names,
• Social Security numbers,
• driver's license numbers,
• dates of birth,
• diagnoses,
• lab results,
• medication details,
• treatment data,
• health insurance and claims information.

No details are disclosed about the nature of the attack or number of affected individuals. Based on the information about encryption, it's probable that the attack is a ransomware attack.

Consequently, medQ initiated the process of notifying impacted individuals through data breach letters on February 23, 2024, advising them of the breach and the specific details of their compromised information.