Jewish Home Lifecare cyber attack compromised more than 100,000 patients' data

News20 Aug 2024

New York-based Jewish Home Lifecare said it experienced a data security incident that compromised the sensitive personal information of more than 100,000 individuals.

In a data breach notice filed with the Office of Maine attorney General, Jewish Home Lifecare, d/b/a the New Jewish Home, which provides healthcare services to the elderly, said that on January 7, it identified unauthorised activity in its internal network.

The healthcare provider immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and cause of the incident.

The investigation concluded that the threat actors who infiltrated its internal network accessed and stole sensitive personal information of patients and staff. The compromised data included name, address, date of birth, Social Security number, financial account information, payment card information, passport number, and medical record and medical treatment details.

Jewish Home Lifecare’s data breach filing with the Maine state regulator’s office revealed that at least 104,234 individuals were impacted by the data security incident.

“In response to this incident, we conducted a full investigation into the incident, and took steps to strengthen our network security,” JHL said.

While the healthcare provider found no evidence of the compromised information being misused, it advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and state attorney general.

It has also offered one year of complimentary identity protection and credit monitoring services through Epiq to all affected individuals.

In February, the infamous Alphv/BlackCat ransomware group claimed responsibility for the cyber attack on New Jewish Home and listed the healthcare provider as a victim on its data leak site. The group claimed to be in possession of confidential data, including clinical research databases, financial documents, employee and client documents, and “documents proving misuse of donated funds.”