Cherry Street Services, operating as Cherry Health, has begun informing more than 180,000 individuals about a ransomware attack compromising their personal data. The incident, occurring in December 2023, led to system disruptions, hinting at the involvement of file-encrypting ransomware. Despite an initial disclosure in January, it wasn’t until a February update that Cherry Health confirmed the compromise of patients’ personal information.
In a recent filing with the Maine Attorney General’s Office, Cherry Health confirmed the ransomware involvement and disclosed the impact on approximately 184,000 individuals. The compromised data includes a wide range of sensitive information such as names, addresses, Social Security numbers, and medical records. Cherry Health is taking steps to mitigate the fallout by offering free credit monitoring and identity protection services to those affected.
Operating over 20 locations in Michigan and boasting a team of over 800 healthcare professionals, Cherry Health plays a significant role in the state’s healthcare landscape. The organization’s swift response to the breach demonstrates its commitment to addressing the security incident and safeguarding the affected individuals’ information. However, the incident underscores the persistent threat posed by ransomware attacks in the healthcare sector and the importance of robust cybersecurity measures in protecting sensitive data.
