American Baptist Homes of the Midwest (ABHM), a supplier of assisted living and assisted care centers around the U.S Midwest, has reported a security breach involving the use of ransomware on its systems.
The attack began on or around March 10, 2019. The attack was detected quickly, but only after the encryption routine had kicked off. The attack was disabled and affected accounts were secured, but not in time to prevent widespread file encryption. The files encrypted by the ransomware included the records of many ABHM clients.
ABHM’s clinical and billing systems were not impacted, only general file systems and email accounts. The attack is thought to have been conducted with the sole purpose of extorting money from ABHM, although due to the nature of access obtained to install the ransomware, unauthorized accessing of protected health information could not be eliminated. No proof of data theft or misuse of PHI has been discovered so far.
The sort of information stored on the compromised servers and systems included peoples’ names and addresses in combination with the following data elements: Social Security numbers, financial data, diagnoses, lab test results, medications and some other medical details.
The attack impacted the following locations:
Colorado:
- Health Center at Franklin Park, Denver
- Mountain Vista Senior Living, Wheat Ridge
Iowa:
- Crest Services – Cedar Rapids; Des Moines; Harlan; Ottumwa; and Chariton
- Elm Crest Senior Living, Harlan
Minnesota:
- Crest Services- Albert Lea
- Thorne Crest Senior Living, Albert Lea
Nebraska:
- Maple Crest Health Center, Omaha
South Dakota:
- Trail Ridge Senior Living, Sioux Falls
Wisconsin:
- Tudor Oaks Senior Living, Muskego
With the help of an external data forensics company, ABHM was able to successfully delete the ransomware from its systems and restore encrypted data from backups.
To enhance security and avoid further cyberattacks, ABHM engaged the services of a cybersecurity expert who conducted an in-depth risk assessment to identify potential risks and weaknesses.
Technical security measures have now been adapted to strengthen security. Those measures include the bolstering of password requirements, the use of rate limiting to stop brute force attacks on its systems, and a 24/7 security monitoring system to secure all ABHM data.
All impacted people have now been contacted through by mail and the incident has been reported to law enforcement and the HHS’ Office for Civil Rights (OCR). The OCR breach portal indicates 10,993 individuals were impacted by the attack.