Ransomware Attack Reported by American Baptist Homes of the Midwest
American Baptist Homes of the Midwest (ABHM), a provider of assisted living and assisted care facilities throughout the U.S Midwest, has reported a security breach involving the use of ransomware on its network.
The attack commenced on or around March 10, 2019. The attack was detected promptly, but only after the encryption routine had commenced. The attack was stopped and affected accounts were secured, but not in time to prevent widespread file encryption. The files encrypted by the ransomware contained the records of many ABHM clients.
ABHM’s clinical and billing systems were not affected, only general file systems and email accounts. The attack is believed to have been conducted with the sole purpose of extorting money from ABHM, although due to the nature of access gained to install the ransomware, unauthorized accessing of protected health information could not be ruled. No evidence of data theft or misuse of PHI has been found to date.
The types of information stored on the compromised servers and systems included individuals’ names and addresses in combination with the following data elements: Social Security numbers, financial information, diagnoses, lab test results, medications and some other medical information.
The attack affected the following locations:
- Health Center at Franklin Park, Denver
- Mountain Vista Senior Living, Wheat Ridge
- Crest Services – Cedar Rapids; Des Moines; Harlan; Ottumwa; and Chariton
- Elm Crest Senior Living, Harlan
- Crest Services- Albert Lea
- Thorne Crest Senior Living, Albert Lea
- Maple Crest Health Center, Omaha
- Trail Ridge Senior Living, Sioux Falls
- Tudor Oaks Senior Living, Muskego
Assisted by a third-party data forensics company, ABHM was able to successfully remove the ransomware from its systems and restore encrypted data from backups.
To improve security and prevent further cyberattacks, ABHM engaged the services of a cybersecurity expert who conducted an in-depth risk assessment to identify potential risks and vulnerabilities.
Technical security measures have now been implemented to enhance security. Those measures include the strengthening of password requirements, the use of rate limiting to prevent brute force attacks on its systems, and a 24/7 security monitoring system to safeguard all ABHM data.
All affected individuals have now been notified by mail and the incident has been reported to law enforcement and the HHS’ Office for Civil Rights (OCR). The OCR breach portal indicates 10,993 individuals were affected by the attack.