American Baptist Homes of the Midwest became victim of a ransomware attack

American Baptist Homes of the Midwest (ABHM), an assisted care facilities and assisted living provider throughout U.S Midwest, has reported security breach involving use of ransomware on their network.

The attack began on or around Mar. 10, 2019. The cyberattack was detected quickly, but only after encryption process had commenced. Officials said that the cyberattack was stopped and the affected accounts have been secured, however the widespread file encryption cannot be prevented.

Assisted by the third-party forensics company, the ABHM was successful in removing ransomware from their systems and then restore the encrypted data from their backups. The encrypted files contain many ABHM client records stored on ABHM's email accounts and general file systems. Billing and clinical systems of ABHM were not infected by this ransomware. While the officials said that they believe this cyberattack was conducted with sole aim of extorting money from the ABHM, but they cannot rule out the unauthorized access of protected health information. No evidence of misuse of Personal Health Information (PHI) or data theft was found till date.

The information types stored on compromised servers as well as systems include names and addresses of the patients, in combination with following data elements: financial information, Social Security numbers, diagnoses, medications, lab test results, and other medical information.

The ABHM locations that are impacted by this attack include: Health Center in Franklin Park of Denver city, Colorado; Mountain Vista Senior Living in Colorado's Wheat Ridge; Thorne Crest Senior Living in Minnesota's Albert Lea city; Crest Services in Minnesota's Albert Lea city; Trail Ridge Senior Living in South Dakota's Sioux Falls; Maple Crest Health Center in Nebraska's Omaha city; Crest Services in Iowa's Chariton city, Des Moines city, Cedar Rapids city, Harlan city, and Ottumwa city; Elm Crest Senior Living in Iowa's Harlan city; and Tudor Oaks Senior Living in Wisconsin's Muskego city.

To improve the security and avoid further cyberattacks, a cybersecurity leader was hired by ABHM. The cybersecurity expert has conducted a risk assessment; as well as strengthens the security with requirements of much more stronger password, continuous monitoring to protect all ABHM data, and limiting the attempted account access.

All the affected individuals are now been informed by mail. The incident has also been reported to the law enforcement along with the HHS' OCR (Office for Civil Rights). The breach portal of OCR indicates that 10,993 individuals have been affected by this attack.

» SPAMfighter News - 5/24/2019