Carespring Healthcare Management, an Ohio-based nursing home, recently notified approximately 77,000 individuals that their personal and medical information may have been compromised in a data breach. The breach, which dates back to October 2023, was discovered on October 28, 2023. However, it took around nine months of investigation to determine if any data had been exfiltrated from the nursing home’s network. On July 16, 2024, Carespring confirmed that between October 12 and October 30, 2023, an unauthorized individual may have accessed or acquired certain sensitive information stored in their system.
The types of information potentially compromised include names, Social Security numbers, birth dates, addresses, medical and diagnosis details, and health insurance information. While there has been no confirmed evidence that this information has been misused for fraudulent purposes, Carespring advised both patients and employees to remain vigilant in reviewing their financial account statements to detect any unusual or suspicious activities. In response to the incident, Carespring is providing 12 months of free identity monitoring services, including credit monitoring, fraud consultation, and identity theft restoration, to affected individuals.
Carespring initiated written notifications to the impacted individuals last week and informed the Maine Attorney General’s Office about the breach, which potentially affected the personal data of 76,719 people. Despite the breach’s magnitude, the investigation into the incident is still ongoing and involves law enforcement and cybersecurity professionals. Carespring has not yet shared specific details about the nature of the cyberattack.
Interestingly, Carespring’s name appeared on several Tor-based leak sites of ransomware groups following the breach. The Noescape ransomware group claimed to have stolen 364GB of data from Carespring, listing the organization on their site on November 10, 2023. Additionally, Carespring was added to Hunters‘ leak site in February and to LockBit’s site in May, signaling the possible involvement of ransomware actors in the breach.
Reference:
