Carespring Healthcare says October cyber attack impacted over 75,000 patients

Carespring Healthcare Management, a Loveland, Ohio-based nursing home facility, said that a data security incident it suffered last year compromised the sensitive personal information of more than 76,000 patients and staff.

 

In a filing with the Office of Maine Attorney General, Carespring said that on October 28, 2023, it became aware of a data security incident that affected its internal network. The healthcare provider immediately launched an investigation, with assistance from eternal cyber security experts, to determine the nature and scope of the incident.

 

“After an extensive forensic investigation and document review, we discovered on July 16, 2024, that between October 12, 2023, and October 30, 2023, a limited amount of information stored on our network may have been accessed and/or acquired by an unauthorised individual,” reads the filing.

 

The compromised data included full names, addresses, driver’s licence numbers, passport numbers, Social Security numbers, medical information, health insurance information, financial information, credit card information, and tax identification numbers.

 

Carespring’s filing with the Maine state regulator revealed that at least 76,719 individuals were impacted by the data security incident.

 

“We have no indication that there has been any fraud as a result of this incident. Nevertheless, out of an abundance of caution, on August 15, 2024, Carespring began notifying individuals whose personal information may have been impacted to the extent Carespring had their last known address,” reads a notice of data security incident on Carespring’s website.

 

While the healthcare provider found no evidence of the compromised information being misused, it advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and state attorney general.

 

It has also offered one year of complimentary identity protection and credit monitoring services through Kroll to all affected individuals.