DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

MN: American Baptist Homes of the Midwest notifies patients and residents of ransomware incident

Posted on May 7, 2019 by Dissent

May 6, 2019

Re: Notification of Security Incident

Dear Sir or Madam,

We are writing to let you know about an information security incident that could potentially affect the confidentiality of your personal information. Please be assured we have taken every step necessary to address this incident and we are committed to fully protecting all of the information you have entrusted to us. We want to be as transparent as we can about this incident and share what additional steps you can take to guard against potential fraud and identity theft.

At this time, there is no evidence that the unauthorized party retrieved your information or used any of your information for malicious purposes. We are bringing this incident to your attention in an abundance of caution so you can take any action necessary to reduce the potential for harm.

Background
On or about March 10, 2019, American Baptist Homes of the Midwest (“ABHM”) became a victim of a cybersecurity incident. The incident occurred when an unauthorized party gained access to ABHM’s computer system and infected the system with malware. The malware encrypted many of ABHM’s records, which made them inaccessible, in an effort to extort money. This is commonly known as ransomware. We discovered the malware very shortly after it encrypted our records on March 10th and were able to stop the incident and secure the affected accounts

What Information may have been accessed
Although the incident did not impact our clinical and billing system, it affected company emails and general file systems. Due to the nature of the computer servers and the information stored on them, the unauthorized party may have had access to names and addresses of individuals whose data was maintained by ABHM. Other information, including, social security numbers, medical information (such as diagnosis, lab results and medications) and financial information may also have been included in what the unauthorized party was able to see. The following ABHM locations were affected:

  • Thorne Crest Senior Living, Albert Lea, MN
  • Tudor Oaks Senior Living, Muskego, WI
  • Elm Crest Senior Living, Harlan, IA
  • Health Center at Franklin Park, Denver, CO
  • Maple Crest Health Center, Omaha, NE
  • Mountain Vista Senior Living, Wheat Ridge, CO
  • Trail Ridge Senior Living, Sioux Falls, SD
  • Crest Services- Albert Lea, MN, Cedar Rapids, IA, Des Moines, IA, Harlan, IA, Ottumwa, IA, Chariton, IA

It appears that your information may have been accessible to the unauthorized party. However, at this time ABHM has no evidence that any resident information was retrieved or misused in any way.

What we are doing to protect you
ABHM acted quickly to address the issue and was able to recover and regain control of the files and end the incident after only a few hours.

We engaged a data forensics firm to ensure all systems were free of malware and assist in the backup recovery of our systems. In addition to addressing the immediate issue, ABHM has adopted further safeguards going forward. ABHM brought in a third-party security expert to perform an in-depth security risk assessment, enhanced its technological security requirements (for example, we strengthened password requirements and implemented electronic procedures that terminate access to ABHM systems after a series of failed attempts) and engaged a 24/7 security monitoring system to safeguard and protect all ABHM data. ABHM has also informed law enforcement and the Office for Civil Rights at the U.S. Department of Health and Human Services.

What you can do to protect yourself

You can read more on their site. This is another instance of not offering patients any credit monitoring services.

Category: Health DataMalwareU.S.

Post navigation

← FBI has seized Deep Dot Web and arrested its administrators
Hackers Withdraw 7,000 Bitcoins in Binance Crypto Exchange Security Breach →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Rewards for Justice offers $10M reward for info on RedLine developer or RedLine’s use by foreign governments
  • New evidence links long-running hacking group to Indian government
  • Zaporizhzhia Cyber ​​Police Exposes Hacker Who Caused Millions in Losses to Victims by Mining Cryptocurrency
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Google: Hackers target Salesforce accounts in data extortion attacks
  • The US Grid Attack Looming on the Horizon
  • US govt login portal could be one cyberattack away from collapse, say auditors
  • Two Men Sentenced to Prison for Aggravated Identity Theft and Computer Hacking Crimes
  • 100,000 UK taxpayer accounts hit in £47m phishing attack on HMRC
  • CISA Alert: Updated Guidance on Play Ransomware

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act
  • 23andMe Bankruptcy Judge Ponders Trump Bill’s Injunction Impact
  • Hell No: The ODNI Wants to Make it Easier for the Government to Buy Your Data Without Warrant
  • US State Dept. says silence or anonymity on social media is suspicious

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.