Home Health Firm Reports 2nd Cloud Vendor Incident

Breach Notification
Fraud Management & Cybercrime
Incident & Breach Response

Latest Attack Affected 753,000 Patients, Employees

Ransomware: Home Health Firm Reports 2nd Cloud Vendor Incident

A home healthcare company says a data breach affecting more than 753,000 patients, employees and former workers stems from a ransomware attack on its private cloud hosted by managed service providers. The company reported a similar incident 15 months ago.

See Also: Live Webinar | Mitigating the Risks Associated with Remote Work

Lake Success, New York-based Personal Touch Holding Corp., which operates about 30 Personal Touch Home Care subsidiaries in about a dozen states, says it discovered on Jan. 27 that “it experienced a cybersecurity attack on the private cloud hosted by its managed service providers.”

The notification statement does not name the vendors involved.

A breach notification report filed with the Maine attorney general’s office notes that the incident involved ransomware and affected 753,107 individuals, including 93 residents of that state.

PTHC declined to provide additional information about the incident to Information Security Media Group.

In January 2020, PTHC submitted 16 breach reports on behalf of its subsidiaries in six states to the Department of Health and Human Services. Those involved a ransomware attack on Wyomissing, Pennsylvania-based Crossroads Technologies, which hosted the home healthcare provider’s cloud-based electronic health records (see: Ransomware Attack on EHR Vendor Impacts Home Health Chain).

Patient, Employee Data…