Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Ransomware

Carespring Data Breach Exposes Personal and Medical Information of Nearly 77,000 Patients

Data includes names, dates of birth, physical addresses, Social Security Numbers, medical and diagnosis information, and health insurance details.

Ohio nursing home Carespring Healthcare Management is notifying approximately 77,000 individuals that their personal and medical information was compromised in a data breach that dates back to October 2023.

The incident was discovered on October 28, 2023, but the investigation into whether data was exfiltrated from the nursing home’s network took roughly nine months.

Last week, Carespring started sending written notification letters to the potentially affected individuals, and informed the Maine Attorney General’s Office that the information of 76,719 people was likely compromised in the breach.

“After an extensive forensic investigation and document review, we discovered on July 16, 2024, that between October 12, 2023, and October 30, 2023, a limited amount of information stored on our network may have been accessed and/or acquired by an unauthorized individual,” Carespring said.

Potentially compromised information, according to an incident notice, includes names, dates of birth, addresses, Social Security Numbers, medical and diagnosis information, and health insurance information.

Carespring said that it had no evidence that the compromised information has been used for fraud, but recommends that both employees and patients remain vigilant “in reviewing financial account statements on a regular basis for any fraudulent activity”.

The organization is providing the potentially impacted individuals with 12 months of free identity monitoring services, including credit monitoring, fraud consultation, and identity theft restoration.

The investigation into the incident, carried out by professionals and law enforcement, is still ongoing, Carespring said.

Advertisement. Scroll to continue reading.

While Carespring did not share details on the type of cyberattack it fell victim to in October, its name appeared on the Tor-based leak sites of several ransomware groups.

On November 10, 2023, the Noescape ransomware group listed Carespring on their site, claiming the theft of 364GB of data from the nursing home. This year, Carespring was added to Hunters’ leak site in February and to LockBit’s in May.

Related: 460k Impacted by Kootenai Health Ransomware Attack

Related: Ransomware Attacks on Industrial Firms Surged in Q2 2024

Related: US Charges Three Europeans Over Ransomware and Malvertising

Related: Users Warned of New Aerst, ScareCrow Ransomware Families

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Hear from experts as they explore the latest trends, challenges and innovations in Attack Surface Management.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Janet Rathod has been named VP and CISO at Johns Hopkins University.

Barbara Larson has joined SentinelOne as Chief Financial Officer.

Amy Howland has been named Partner and CISO at Guidehouse.

More People On The Move

Expert Insights