The Sleep Management Institute, a provider based in Cincinnati, Ohio, recently faced a severe ransomware attack that led to an extensive data breach. The breach was discovered on February 5, 2024, when unusual activity was detected in their computer systems, indicative of a ransomware incident. The institute promptly took affected systems offline and notified law enforcement, while engaging cybersecurity experts to assist with the investigation. This breach resulted in unauthorized access to a vast array of sensitive consumer information including names, addresses, Social Security Numbers, and medical details.
Upon further investigation, it was confirmed that unauthorized actors had access to Sleep Management’s systems from January 27, 2024, to February 6, 2024. During this period, the attackers were able to access files containing confidential patient information. The nature of the exposed data was extensive, encompassing not just personal identification and contact information but also highly sensitive data such as driver’s license numbers, passport numbers, financial account details, digital signatures, biometric data, and medical information.
In response to this security incident, the Sleep Management Institute began the process of issuing data breach notification letters to all potentially affected individuals on April 5, 2024. These notifications are part of the institute’s effort to inform victims about the breach and the specific types of personal information that were compromised. The institute also filed a notice of the data breach with the U.S. Department of Health and Human Services Office for Civil Rights, as required by law, to detail the nature and extent of the exposure.
