While investigating one ransomware attack, Walnut Place hit with second attack

On May 12, I  posted a press release from Walnut Place about a ransomware attack that had occurred in January. Their press release did not disclose that they had become aware of a second ransomware attack on May 6. A new press release, dated today, does:

On March 13, 2017, Walnut Place leadership was informed that a ransomware attack occurred on or around January 25, 2017 and was remediated on February 2, 2017.  Walnut Place previously disclosed notice of that incident.  While investigating this incident, Walnut Place was affected by another ransomware attack on May 6, 2017 and discovered it that same day.  Upon learning of the May 6, 2017 attack, Walnut Place continued its investigation to determine the full scope of the incident. Based on Walnut Place’s investigation to date, there is currently no evidence that any information was taken from the affected systems.  However, Walnut Place determined that unauthorized individuals had accessed Walnut Place’s systems and that certain personal information could have been accessed.  While Walnut Place’s investigation is ongoing, the first observed date of unauthorized activity occurred on December 19, 2016 and the last date occurred on May 8, 2017.  Walnut Place has been working diligently, with the assistance of third-party forensic investigators, to determine the full nature and scope of this incident, and to confirm the security of its systems.  Walnut Place is also taking additional actions to strengthen and enhance the security of its systems moving forward.

While the investigation is ongoing, to date, Walnut Place has no evidence of any actual or attempted misuse of information as a result of this incident.  However, the systems that were impacted by this incident may have contained the following personal information: names, Social Security numbers, driver’s license numbers, dates of birth, address information, telephone numbers, medical record numbers, payment information (such as banking and credit card information), health insurance information, and clinical/diagnostic information.  The type of information potentially affected was not the same for each individual.  While there is currently no evidence of any actual or attempted misuse of information as a result of this incident, Walnut Place decided the prudent course is to provide notice given the sensitive nature of this information.

Walnut Place will be mailing notice letters to individuals whose data was present on the affected systems and may have been affected as a result of the second ransomware attack. Walnut Place will continue the notification process should additional individuals be determined to be potentially impacted.

Walnut Place has provided potentially impacted individuals with access to 12 months of complimentary credit monitoring services. Walnut Place encourages potentially impacted individuals to remain vigilant against incidents of identity theft and fraud, to review account statements, and to monitor their credit reports and explanation of benefits forms for suspicious activity. Walnut Place is providing potentially impacted individuals with contact information for the three major credit reporting agencies, as well as providing advice on how to obtain free credit reports and how to place fraud alerts and security freezes on their credit files.  The relevant contact information is below:


P.O. Box 105069

Atlanta, GA 30348




P.O. Box 2002

Allen, TX 75013




P.O. Box 2000

Chester, PA 19106



Potentially impacted individuals may also find information regarding identity theft, fraud alerts, security freezes and the steps they may take to protect their information by contacting the credit bureaus, and the Federal Trade Commission.  The Federal Trade Commission can be reached at: 600 Pennsylvania Avenue NW, Washington, DC 20580; www.identitytheft.gov; 1-877-ID-THEFT (1-877-438-4338); and TTY: 1-866-653-4261.

Walnut Place has set up a call center to answer questions from those who might be impacted by this incident.  Anyone with additional questions may contact the call center at 1-888-735-5898 (toll free), Monday through Friday, 8:00 a.m. to 8:00 p.m. CT.  Additional information on how potentially impacted individuals can protect themselves can also be found at Walnut Place’s website www.walnutplacelcs.com.

SOURCE Walnut Place

Related Links


About the author: Dissent

Comments are closed.