Michigan healthcare organization Cherry Street Services (Cherry Health) has started notifying over 180,000 individuals that their personal information was compromised in a ransomware attack.
The incident occurred on December 21, 2023, and resulted in the disruption of certain systems, suggesting that file-encrypting ransomware might have been involved.
Cherry Health initially disclosed the attack in early January, and announced in a February update that patients’ personal information had been compromised.
In a filing with the Maine Attorney General’s Office this week, the organization confirmed that ransomware was involved in the attack and revealed that approximately 184,000 individuals were affected by the incident.
“We took steps to determine the types of information that were at risk and the individuals to whom it pertained. On March 25, 2024, this process was completed, and we worked to notify you as soon as possible,” Cherry Health notes in a letter to the impacted individuals.
The compromised information, the organization says, includes names, addresses, dates of birth, Social Security numbers, phone numbers, health insurance information, health insurance and patient ID numbers, treatment information, prescription information, and financial account information.
The healthcare organization is providing the impacted individuals with free credit monitoring and identity protection services.
Cherry Health operates more than 20 locations in Michigan and has a team of more than 800 healthcare professionals.
Related: 530k Impacted by Data Breach at Wisconsin Healthcare Organization
Related: DOJ-Collected Information Exposed in Data Breach Affecting 340,000