Home Healthcare Vendor in New York Suffers a Ransomware Attack

  • By Dawna M. Roberts
  • Apr 07, 2021

 Personal Touch Holding Corp. suffered a data breach affecting 753,000 patients, employees, and ex-workers due to a cloud service ransomware attack. It is the second attack in 15 months affecting the same service.

What Happened?

Personal Touch Home Care owns and operates roughly 30 offices throughout the country. On January 27, the company reported a cyberattack on their private cloud managed by its service provider. However, it is unclear as to which cloud vendor they are using.

Per regulations, Personal Touch Home Care filed 16 breach reports to the Department of Health and Human Services in six states, including one for Wyomissing, Pennsylvania-based Crossroads Technologies, that houses the company’s healthcare records and electronic cloud-based services.

What Information Was Breached?

The health care provider posted a message on its website stating that the data breach included private cloud-based records of “direct and indirect subsidiaries.”

Reports claim that patient information was exposed that includes medical record numbers, full names, home addresses, phone numbers, dates of birth, social security numbers, financial information including copies of checks, credit card numbers, bank account details, and health plan benefits and IDs. This puts these patients at severe risk of identity theft and bank takeover.

Along with patient data, employee information was also breached that includes their names, addresses, phone numbers, birthdates, social security numbers, dependent information (social security numbers), spouses’ information also including social security numbers, employees’ passport details, driver’s license numbers, birth certificates, credit reports and more.

Unfortunately, the damage does not stop there. According to InfoRisk Today, “Also potentially compromised were employee usernames and passwords, personal email addresses, fingerprints, insurance card, and health and welfare plan benefit numbers, retirement benefits information, medical treatment information, check copies and other financial information necessary for payroll.”

What Did PTHC Do About It?

As soon as the incident was discovered, Personal Touch Home Care (PTHC) contacted legal representation along with independent forensic experts to investigate the matter.

PTHC commented in their report.

“While the investigation is still ongoing, and we cannot confirm the extent to which employee and patient data was compromised, we are notifying our community that the breach occurred, in our effort to comply with the applicable state data breach notification laws,”

Officials also confirmed that the company contacted the FBI about the incident and has implemented new monitoring and security software to help prevent further attacks.

The Larger Picture

Over the past year, healthcare providers have become a significant target for threat actors. The reason why is they are often easy targets due to less secure infrastructure and reliance on third-party vendors and cloud services. That begs the question, how do healthcare organizations protect themselves?

Healthcare companies can protect themselves by becoming very familiar with third-party vendor services and their security measures. Vet new vendors thoroughly and ask pointed questions about security, privacy, and access. If you are storing your private information on their servers, you have the right to know how well it will be protected.

Set up periodic audits to verify the data’s integrity and access logs. Hire outside experts to perform penetration testing to ensure that where your data is stored cannot be accessed from outside your own network. Verify security certificates, and require frequent updates about security measures, updates in software, and any changes to the services provided.

If you cannot trust your third-party vendors, then consider migrating your data to an in-house server with on-site access only, to protect the privacy and security of patient, employee, and affiliate’s information. Avoiding further data breaches is well worth the initial cost of implementing better, more secure systems.




About the Author
IDStrong Logo

Related Articles

Instagram Vulnerability Allowed Hackers Access to Control Your Phone

Security experts Check Point Research discovered a critical vulnerability while examining Instagra ... Read More

Alien Malware Infects More than 226 Mobile Apps and Steals Bank Data

As reported on September 24, 2020, by ZDNet and ThreatPost, a new strain of malware named “A ... Read More

Universal Health Systems Hit by Ransomware Attack

Universal Health Systems (UHS), a Fortune 500 company owning more than 400 hospitals across the co ... Read More

Exchange Server Bug Exposes a Big Risk to Hackers

Months after Microsoft released a patch to fix a serious flaw in MS Exchange Server, more than 61% ... Read More

Clients’ Bank Data Exposed in Blackbaud Ransomware Attack

Blackbaud software was victim to a ransomware attack last May, and new information suggests that c ... Read More

Latest Articles

What is an Incident Response?

What is an Incident Response?

What is an Incident Response? After a bank heist, the work begins with specialized teams and plans engaged, allowing for analysis of the event, and from this analysis, the bank can prepare a response to the incident.

What is a Social Engineering Attack? Techniques and Ways to Prevent

What is a Social Engineering Attack? Techniques and Ways to Prevent

Everyone has received a spam text or email at some point. Their hallmarks are widely known; they often include poor or strange grammar, suspicious links, suggested connections with companies or people, or random individuals asking for help in some capacity.

Side Channel Attack: Everything You Need To Know

Side Channel Attack: Everything You Need To Know

Every year, millions of people get victimized by data breaches. Criminals steal their data from the network environments of organizations, vendors, providers, institutions, and governments; with ever-increasing frequency, cybercriminals are making big moves in the cyber wars—and making billions of dollars. 

Featured Articles

How to Buy a House with Bad Credit

How to Buy a House with Bad Credit

Buying your own home is the American Dream, but it might seem out of reach to those with bad credit. However, the good news is, if your credit is less than perfect, you do still have options and in most cases, can still buy a home.

How Secure Is Your Password? Tips to Improve Your Password Security

How Secure Is Your Password? Tips to Improve Your Password Security

Any good IT article on computers and network security will address the importance of strong, secure passwords. However, the challenge of good passwords is that most people have a hard time remembering them, so they use simple or obvious ones that pose a security risk.

Top 10 Senior Scams and How to Prevent Them

Top 10 Senior Scams and How to Prevent Them

Senior scams are becoming a major epidemic for two reasons. First, seniors often have a lot of money in the bank from a life of working hard and saving.

Free Identity Exposure Scan
Instantly and Securely Check if Your Personal Information is Exposed on the Dark Web or Sold by Data Brokers
Please enter first name
Please enter last name
Please select a state
Close
Free Identity Threat Scan
Instantly Check if Your Personal Information is Exposed
All fields below are required
Please enter first name
Please enter last name
Please enter a city
Please select a state
Please enter an age
Please enter an email address
Close