DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

NY: Home care agency notifies more than 92,000 after ransomware attack

Posted on March 12, 2021 by Dissent

Back in January, Sodinokibi (REvil) threat actors added Preferred Home Care of New York to their dark web leak site. At the time, the threat actors did what they usually do — they posted a few screencaps as proof of access. The screencaps showed directories of folders and images of identity cards of people working for the agency.  The threat actors have not added any additional files or data dump since then.

On January 26, DataBreaches.net emailed the home care agency to ask them about the claimed attack and its impact. They never answered.

But on March 10, external counsel for agency submitted a copy of a notification letter being sent out about the breach. The letter states that the breach occurred on January 8 and was discovered on January 9.

The type of information accessed varied depending on the individual, but may have included your name, contact and demographic information such as address, email, phone number, and date of birth; financial information such as bank account number; and Social Security number; and medical information related to health assessments, physicals, drug screens, vaccinations and TB tests, as well as FMLA and worker’s compensation claims.

The letter was sent on March 10 to 92,283 individuals. In it, Allen Hymowitz, Administrator, wrote:

Currently, we are not aware of any fraudulent activity or misuse of anyone’s information as a result of the incident. Furthermore, we do not believe that the use of personal information was the primary motive behind the third party’s actions.

So what do they believe the primary motive was? Simply to have the data to exert pressure on the agency? Despite that statement, Preferred did offer those being notified a complimentary one-year membership of Experian IdentityWorksSM Credit 3B.

DataBreaches.net sent a second inquiry to Preferred Home Care this morning but again, received no reply. This post may be updated if a reply is received.

 

Related posts:

  • TeamGhostShell posts “master list” of 548 leaks (so far)
  • Accellion’s data breach left clients in tough position: pay extortion to criminals, or have their data dumped (with updates)
  • “Without Undue Delay,” Part 2
Category: Commentaries and AnalysesHealth DataU.S.

Post navigation

← Meanwhile, over in Germany…
NY: Buffalo Public Schools hit with ransomware event →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • National Health Care Fraud Takedown Results in 324 Defendants Charged in Connection with Over $14.6 Billion in Alleged Fraud
  • Swiss Health Foundation Radix Hit by Cyberattack Affecting Federal Data
  • Russian hackers get 7 and 5 years in prison for large-scale cyber attacks with ransomware, over 60 million euros in bitcoins seized
  • Bolton Walk-In Clinic patient data leak locked down (finally!)
  • 50 Customers of French Bank Hit by Insider SIM Swap Scam
  • Ontario health agency atHome ordered to inform 200,000 patients of March data breach
  • Fact-Checking Claims By Cybernews: The 16 Billion Record Data Breach That Wasn’t
  • Horizon Healthcare RCM discloses ransomware attack in December
  • Disgruntled IT Worker Jailed for Cyber Attack, Huddersfield
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The Trump administration is building a national citizenship data system
  • Supreme Court Decision on Age Verification Tramples Free Speech and Undermines Privacy
  • New Jersey Issues Draft Privacy Regulations: The New
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.