TN: Professional Healthcare Management discloses ransomware incident
PHM’s press release, followed by this site’s comments/notes:
MEMPHIS–(BUSINESS WIRE)–Professional Healthcare Management, Inc. (“PHM”)1, located in Memphis, Tennessee, announced today that it recently became aware of a data privacy incident impacting its servers, which contained protected health and personal information of some PHM clients and employees. PHM is a business that primarily operates in the home health care services industry and provides related health care services. PHM is committed to keeping the community informed, communicating about the steps it is taking toward resolution, and ensuring impacted individuals have the tools they need to minimize the impact of the incident.
On September 14, 2021, PHM discovered that it was the victim of a sophisticated ransomware attack. After discovering the incident, PHM quickly took steps to secure and safely restore its systems and operations. Further, PHM immediately engaged third-party forensic and incident response experts to conduct a thorough investigation of the incident’s nature and scope and assist in the remediation efforts. PHM’s investigation is ongoing, but after performing a comprehensive review of the impacted data, PHM believes it could contain protected health information.
PHM is notifying those potentially impacted by this incident by mail (if possible) and providing steps that can be taken to protect their information, including complimentary identity monitoring and protection services. PHM recommends that these individuals enroll in the services provided and follow the recommendations contained within the notification letter to increase the likelihood that their information remains protected. As of the date of this release, PHM has no evidence indicating misuse of any information. Notification to individuals potentially affected by this incident is being performed out of an abundance of caution and pursuant to the organization’s obligations under the Health Insurance Portability and Accountability Act (HIPAA).
Further, after reviewing the potentially impacted protected health and personal information, PHM determined that it may include first and last name, social security number, health insurance information (Medicaid number, Medicare number and insurance identification number), prescription name(s) and diagnosis code(s). Again, as stated above, it is important to note that PHM has no evidence of misuse of any information as of the date of this release.
In response to this incident, PHM is implementing additional cybersecurity safeguards, enhancing its cybersecurity policies, procedures, and protocols, and implementing additional employee cybersecurity training.
“We take the security and privacy of the information contained in our systems with the utmost seriousness. Further, we were shocked to discover that we were one of the thousands of victims of this type of cyberattack,” said Amanda Egner, CIO of PHM. “We are fully committed to protecting the information on our systems and sincerely regret the concern and inconvenience caused by this event. We thank the community, our employees, patients, and partners for their support during this event.”
As a precautionary measure, PHM recommends that individuals remain vigilant by closely reviewing their account statements and credit reports. If any suspicious activity is detected, PHM strongly advises that the account holder promptly notify the financial institution or company that maintains the account. Further, individuals should promptly report any fraudulent activity or any suspected incidence of identity theft to proper law enforcement authorities, including their state attorney general and the Federal Trade Commission (FTC). To file a complaint or to contact the FTC, you can (1) send a letter to the Federal Trade Commission, Consumer Response Center, 600 Pennsylvania Avenue NW, Washington, DC 20580; (2) go to IdentityTheft.gov/databreach; or (3) call 1-877-ID-THEFT (877-438-4338). Complaints filed with the FTC will be added to the FTC’s Identity Theft Data Clearinghouse, a database made available to law enforcement agencies.
For individuals seeking more information or who have questions, please call the dedicated toll-free helpline set up specifically for this purpose at 1-833-760-0502, Monday through Friday, 8:00 a.m. to 8:00 p.m. (EST). In addition, individuals seeking to contact PHM directly may write to Professional Healthcare Management, 7900 Players Forest Drive, Memphis, TN 38119.
1 Professional Healthcare Management, Inc. is a management company that manages (or previously managed) five healthcare entities (Volunteer Home Care Inc.; Volunteer Home Care of West TN., Inc.; Volunteer Home Care of Middle TN., Inc., which also does business as Quality First Home Care; Springhill Home Health and Hospice; and Affinity Health Care).
Comment by DataBreaches.net: This attack first appeared on the Cuba ransomware group’s leak site on September 21. When DataBreaches.net looked at the alleged proof of claims, we discovered that the data Cuba posted had nothing to do with PHMINC.
At some date unknown to DataBreaches.net, Cuba removed the listing. Usually that means that the victim has paid ransom, but that is not necessarily proof of anything.
DataBreaches.net emailed PHMINC to ask whether they had paid the extortion demand to get Cuba to remove the listing from their leak site and to supposedly destroy all data, but no immediate reply has been received. This post will be updated if a reply is received.
This incident has not yet shown up on HHS’s public breach tool.