Cyber attack on North Carolina nursing facility impacted over 100,000 patients

North Carolina-based nursing facility Hillcrest Convalescent Centre said that the data security incident it suffered last year compromised the sensitive personal information of more than 106,000 individuals.

 

Headquartered in Durham, North Carolina, and operating since 1951, Hillcrest Convalescent Centre provides long-term care, short-term rehabilitation, and specialised nursing services. 

 

In a data security incident notice published on its website, Hillcrest said that on June 27, it identified suspicious activity in its internal network. The nursing facility immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

“Through the investigation, Hillcrest discovered unauthorised access to its network that led to the unauthorised acquisition of some Hillcrest data,” reads the notice.

 

The compromised data included names, dates of birth, Social Security numbers, patient data, medical information, treatment information, health insurance information, and health care provider information.

 

In a filing with the Office of Maine Attorney General, Hillcrest said that it has identified at least 106,194 individuals who were impacted by the cyber security incident.

 

“Upon learning of this event, we promptly initiated an investigation to review and enhance our security systems. We also reported the incident to law enforcement in an effort to hold the perpetrators accountable,” Hillcrest added.

 

The nursing facility has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and the state attorney general. It has also offered one year of complimentary identity protection and credit monitoring services through TransUnion to all affected individuals.

 

At the time of publishing, no known hacker group has claimed responsibility for the ransomware attack on Hillcrest. The nursing facility also did not share details on who was behind the cyber attack, how much data was compromised, or whether it has received a ransom demand.