Sound Generations Reports Two Ransomware Attacks Affecting Over 100,000 Individuals

Seattle, WA-based Sound Generations has announced that unauthorized individuals have gained access to its internal systems and have used ransomware to encrypt files.

Sound Generations is a nonprofit that helps older adults and adults with disabilities obtain free to low-cost healthcare resources. The organization is the largest provider of comprehensive services for aging adults in King County, WA.

According to the substitute breach notification letter uploaded to its website, unauthorized individuals accessed its systems and encrypted data on July 18, 2021, and again on September 18, 2021. In both cases, the unauthorized access was promptly terminated and both incidents were investigated by a third-party forensics firm to determine the nature and scope of the security breaches; however, it was not possible to tell if any protected health information was viewed or obtained by the attackers.

An internal review of the affected systems confirmed the protected health information of 103,576 individuals was stored on the affected systems. That information included demographic and health information, including names, addresses, phone numbers, email addresses, dates of birth, and whether or not an individual has health insurance. Health histories and health conditions may have been exposed if that information was provided to Sound Generations and individuals who participated in the EnhanceFitness program may also have had their health insurance number exposed.

Sound Generations said it has received no indication that any of the information stored on its systems has been used by any person to commit fraud, but all affected individuals should exercise caution and monitor their accounts and explanation of benefits statements for signs of fraudulent activity.

Sound Generations says it has significantly enhanced its cybersecurity controls as a result of the recent attacks

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.