Security Breaches

American Baptist Homes of the Midwest Reports Ransomware Attack

By Elizabeth Hernandez

American Baptist Homes of the Midwest (ABHM), a supplier of assisted living and assisted care centers around the U.S Midwest, has reported a security breach involving the use of ransomware on its systems.

The attack began on or around March 10, 2019. The attack was detected quickly, but only after the encryption routine had kicked off. The attack was disabled and affected accounts were secured, but not in time to prevent widespread file encryption. The files encrypted by the ransomware included the records of many ABHM clients.

ABHM’s clinical and billing systems were not impacted, only general file systems and email accounts. The attack is thought to have been conducted with the sole purpose of extorting money from ABHM, although due to the nature of access obtained to install the ransomware, unauthorized accessing of protected health information could not be eliminated. No proof of data theft or misuse of PHI has been discovered so far.

The sort of information stored on the compromised servers and systems included peoples’ names and addresses in combination with the following data elements: Social Security numbers, financial data, diagnoses, lab test results, medications and some other medical details.

The attack impacted the following locations:

Colorado:

  • Health Center at Franklin Park, Denver
  • Mountain Vista Senior Living, Wheat Ridge

Iowa:

  • Crest Services – Cedar Rapids; Des Moines; Harlan; Ottumwa; and Chariton
  • Elm Crest Senior Living, Harlan

Minnesota:

  • Crest Services- Albert Lea
  • Thorne Crest Senior Living, Albert Lea

Nebraska:

  • Maple Crest Health Center, Omaha

South Dakota:

  • Trail Ridge Senior Living, Sioux Falls

Wisconsin:

  • Tudor Oaks Senior Living, Muskego

With the help of an external data forensics company, ABHM was able to successfully delete the ransomware from its systems and restore encrypted data from backups.

To enhance security and avoid further cyberattacks, ABHM engaged the services of a cybersecurity expert who conducted an in-depth risk assessment to identify potential risks and weaknesses.

Technical security measures have now been adapted to strengthen security. Those measures include the bolstering of password requirements, the use of rate limiting to stop brute force attacks on its systems, and a 24/7 security monitoring system to secure all ABHM data.

All impacted people have now been contacted through by mail and the incident has been reported to law enforcement and the HHS’ Office for Civil Rights (OCR). The OCR breach portal indicates 10,993 individuals were impacted by the attack.

Twitter Facebook LinkedIn Reddit Link copied to clipboard

Posted by

Elizabeth Hernandez

Elizabeth Hernandez works as a reporter for NetSec.news. Her journalism is centered on IT compliance and security. With a background in information technology and a strong interest in cybersecurity, she reports on IT regulations and digital security issues. Elizabeth frequently covers topics about data breaches and highlights the importance of compliance regulations in maintaining digital security and privacy. Follow on X: https://twitter.com/ElizabethHzone

Related News

Bodybuilding.com Data Breach Impacts 3,193 Employees

Chinese Nationals Charged over 78.8 Million-Record Anthem Inc Hack