MN: American Baptist Homes of the Midwest notifies patients and residents of ransomware incident
May 6, 2019
Re: Notification of Security Incident
Dear Sir or Madam,
We are writing to let you know about an information security incident that could potentially affect the confidentiality of your personal information. Please be assured we have taken every step necessary to address this incident and we are committed to fully protecting all of the information you have entrusted to us. We want to be as transparent as we can about this incident and share what additional steps you can take to guard against potential fraud and identity theft.
At this time, there is no evidence that the unauthorized party retrieved your information or used any of your information for malicious purposes. We are bringing this incident to your attention in an abundance of caution so you can take any action necessary to reduce the potential for harm.
On or about March 10, 2019, American Baptist Homes of the Midwest (“ABHM”) became a victim of a cybersecurity incident. The incident occurred when an unauthorized party gained access to ABHM’s computer system and infected the system with malware. The malware encrypted many of ABHM’s records, which made them inaccessible, in an effort to extort money. This is commonly known as ransomware. We discovered the malware very shortly after it encrypted our records on March 10th and were able to stop the incident and secure the affected accounts
What Information may have been accessed
Although the incident did not impact our clinical and billing system, it affected company emails and general file systems. Due to the nature of the computer servers and the information stored on them, the unauthorized party may have had access to names and addresses of individuals whose data was maintained by ABHM. Other information, including, social security numbers, medical information (such as diagnosis, lab results and medications) and financial information may also have been included in what the unauthorized party was able to see. The following ABHM locations were affected:
- Thorne Crest Senior Living, Albert Lea, MN
- Tudor Oaks Senior Living, Muskego, WI
- Elm Crest Senior Living, Harlan, IA
- Health Center at Franklin Park, Denver, CO
- Maple Crest Health Center, Omaha, NE
- Mountain Vista Senior Living, Wheat Ridge, CO
- Trail Ridge Senior Living, Sioux Falls, SD
- Crest Services- Albert Lea, MN, Cedar Rapids, IA, Des Moines, IA, Harlan, IA, Ottumwa, IA, Chariton, IA
It appears that your information may have been accessible to the unauthorized party. However, at this time ABHM has no evidence that any resident information was retrieved or misused in any way.
What we are doing to protect you
ABHM acted quickly to address the issue and was able to recover and regain control of the files and end the incident after only a few hours.
We engaged a data forensics firm to ensure all systems were free of malware and assist in the backup recovery of our systems. In addition to addressing the immediate issue, ABHM has adopted further safeguards going forward. ABHM brought in a third-party security expert to perform an in-depth security risk assessment, enhanced its technological security requirements (for example, we strengthened password requirements and implemented electronic procedures that terminate access to ABHM systems after a series of failed attempts) and engaged a 24/7 security monitoring system to safeguard and protect all ABHM data. ABHM has also informed law enforcement and the Office for Civil Rights at the U.S. Department of Health and Human Services.
What you can do to protect yourself
You can read more on their site. This is another instance of not offering patients any credit monitoring services.