Lorien Health Services in Maryland disclosed a ransomware attack which occurred in early June. In the attack the data was stolen and encrypted.
The Netwalker ransomware operators were found to be behind the attack who leaked the information when Lorien didn’t make the ransom payment.
Lorien Health Services is a family-owned nursing home for the elders and it runs nine locations in Baltimore, Carroll, Harford, and Howard counties, as well as a rehabilitation and fitness facility.
According to the company, the incident was detected on June 6 and they hired cybersecurity experts to start an investigation and determine the impact.
After four days, it was found that the hackers managed to access the personal information and it may have included residents’ names, Social Security numbers, dates of birth, addresses, and health diagnosis and treatment information as well as employee data.
The breach notification sent to the Secretary of Health and Human Services states that the number of impacted persons is 47,754.
Lorien announced the breach publicly now but the Netwalker operators publishing screenshots of directory listings with 2020 date stamps and admission records as proof of breach in mid-June itself.
At present, some of the data was dumped online. A password-protected archive of 147MB is currently available via a file-sharing service.
The unlock key for the archive was published by the hackers and they have labeled this cache “Part 1,” which indicates that there might be more data leak in the future.
Netwalker ransomware operation started under the name Mailto in October 2019 and rebranded in February this year. The usually targets corporate networks vulnerable to remote desktop hacks. However, the Lorien issue indicates that they are not picky about who they attack.
All the affected residents have been notified by Lorien on June 16, two days after the hackers announced the attack.
Image Credits : The Baltimore Sun