Senior living community system acknowledges ransomware attack

A recent ransomware attack against American Baptist Homes of the Midwest, which operates senior living communities in five states, has put residents’ data at risk.

The religious-affiliate organization, with communities in Iowa, Colorado, Nebraska, Minnesota, South Dakota and Wisconsin, may have exposed the personally identifiable information of an undisclosed number of residents.

On March 10, a hacker gained access to the organization’s computer system and infected it with malware that encrypted medical records in an attempt to extort money.

“We engaged a data forensics firm to ensure all systems were free of malware and assist in the backup recovery of our systems,” noted a letter sent to residents about the incident. “ABHM brought in a third-party security expert to perform an in-depth security risk assessment, enhanced its technology security requirements, strengthened password requirements, implemented electronic procedures that terminate access to systems after a series of failed attempts, and engaged a 24/7 security monitoring system to safeguard and protect all data.”

American Baptist Homes-CROP.jpg

The letter aimed to minimize the extent to which resident information was exposed. “At this time, there is no evidence that the unauthorized party retrieved your information or used any of your information for malicious purposes,” it noted. “We are bringing this incident to your attention in an abundance of caution so you can take any action necessary to reduce the potential for harm.”

However, the organization acknowledged that the unauthorized party may have access to names, addresses, Social Security numbers, medical information and financial information and may have had access to patient information. “However, at this time, ABHM has no evidence that any patient information was retrieved or misused in any way.”

Also See: How hospitals can prepare for the next WannaCry style attack

“Please be assured we have taken every step necessary to address this incident, and we are committed to fully protecting all of the information you have entrusted to us,” wrote Jeff Hongslo, CEO and president, in the notification letter.

Currently, however, American Baptist Homes of the Midwest is not offering credit monitoring or identity theft protection services to residents.

The organization did not respond to a request for additional information and comment.

For reprint and licensing requests for this article, click here.