A Maryland-based nursing home disclosed that it has fallen victim to a ransomware attack, exposing the personal information of 47,754 residents.
Lorien Health Services said some of its systems’ files were encrypted in the attack on June 6. The family-owned facility has hired a team of security experts to determine the extent of the breach and what type of information was accessed by the attackers. Four days into the investigation, it was established that bad actors also breached the personally identifiable information of its residents. Social Security numbers, dates of birth, addresses, treatments and health diagnoses were among the private information accessed.
The attack has been attributed to the Netwalker ransomware gang, which apparently leaked some of the exfiltrated information after Lorien Health Services refused to pay the ransom. A data dump consisting of a password-protected 147MB archive is currently available for download. Similar files may also appear in the near future, since it is presumed that the attackers only shared a small batch of the stolen data.
According to a data breach notification posted on the facility’s website, Lorien reported the attack to the FBI, and will continue to “provide whatever cooperation is necessary to hold perpetrators accountable.”
All potentially impacted residents were notified via letter 10 days after the incident, on June 16. “The letters include information about the incident and about steps that can be taken to protect personal information,” Lorien officials said. The facility is now offering complimentary credit monitoring and identity protection services for its residents, and has also set up a call center for assistance.
The breach could have potentially devastating effects on victims, since thieves can use the Social Security numbers and dates of birth to conduct identity fraud and medical identity theft.
No industry or business has been spared since the beginning of the pandemic, and healthcare facilities make for an easy target. Amid the chaos brought on by the coronavirus, bad actors have diligently targeted healthcare facilities to steal and encrypt sensitive data, hoping that businesses will cave in to their demands.
However, paying ransom demands does not assure data recovery. It’s critical for companies to assess their network and device security, and make sure that employees are aware of the dangers of accessing or downloading suspicious files on their systems.