Data Exposed in Prospect Medical Holdings and PurFood LLC Cyberattack

Medical Records from Prospect Ransomware Attack Appear on Dark Web

Health records exfiltrated during the latest ransomware attack on Prospect Medical Holdings are purportedly being sold on the dark web-based on social media information. The notice of the sale is viewed as a hint for Prospect Medical Holdings to immediately react to the ransom demands of hackers.

A ransomware attack on Prospect Medical Holdings health system last August 3 crippled the operations in 17 hospitals and 166 outpatient centers. Back then, the attackers were unidentified. Nonetheless, a notice appeared on the Rhysida dark leak website last week stating that it is responsible for the attack.

At the same time, the notice announced a public sale of the data stolen during the attack, which included over 500,000 driver’s licenses, Social Security Numbers, passports of employees and clients, patient files (profiles and medical backgrounds), legal and financial documents. It is said that the sale includes a 1.3TB SQL database and 1TB of unique files.

The notice came with a number of snapshots of the stolen information a few of which are confirmed as authentic by comparing the pictures to publicly accessible information, and a price tag of 50 Bitcoin ($1,298,340). The price tag included in the notice is meant to speed up a ransom payment.

It is unknown at the moment if the sale will continue or if Prospect Medical Holdings will agree to pay the ransom. A few services are still not available and employees in specific medical departments are using paper and pen for recording. A representative for Prospect Medical Holdings likewise gave the message that Prospect Medical is aware that unauthorized actors stole its data and is investigating the nature of the breach. When the investigation confirms the involvement of any protected health or personal data, the health system will send the proper notifications as outlined by applicable legislation. Since the investigation is in progress, additional data is still not available at this time, but Prospect Medical Holdings is taking all necessary steps to handle this incident.

PHI Exposed in Mom’s Meals Data Breach

PurFood LLC, the parent company of the Mom’s Meals home delivery meal service, has posted on its website a Notice of Data Event and submitted a Data Breach Notification to the Maine Attorney General after a cyberattack at the beginning of this year wherein personal data associated with 1,237,681 clients, workers, and contractors is thought to have been compromised.

PurFood LLC, doing business as Mom’s Meals, offers refrigerated ready-to-eat foods across the country to clients with particular nutritional needs. In addition to providing to private clients, the company works together with over 500 health plans, managed care companies, and other organizations to give access to meals for individuals covered by Medicare and Medicaid.

Based on a Notice of Data Event posted on its website, Mom’s Meals encountered a cyberattack from January 16, 2023 to February 22, 2023, that led to encryption of client, worker, and contractor information. An investigation into the cyberattack showed the use of data exfiltration software programs to transmit information from the servers of PurFood.

The investigation confirmed that the encrypted data contained personal data and PHI associated with a number of people. Nevertheless, there is no certainty that information was extracted, and the Notice of Data Event states that the organization has not seen any proof of the misuse or further disclosure of the personal info because of the Mom’s Meals data breach.

Nevertheless, the organization has submitted a Data Breach Notification to the Maine Attorney General and is informing potentially affected individuals through U.S. Mail. During the time of publication, the company name doesn’t appear on the HIPAA Breach Report. Nevertheless, based on the Data Breach Notification, the breach was recorded on July 10, 2023, which is when it was discovered.

What Data is Thought to be Taken From the Mom’s Meal Data Breach?

The data thought to have been stolen in the Mom’s Meal data breach consists of birth dates, account data, driver’s license numbers, payment card details, medical data, medical record numbers, Medicaid and Medicare identifiers, treatment details, diagnosis codes, meal categories and expenses, medical insurance details, patient ID numbers, and Social Security numbers.

To stop a recurrence of the incident, PurFood mentions in its breach notification letter that it implemented a couple of steps to reinforce its security system and is going over its current guidelines and procedures to recognize any extra measures and safety measures that might be required. It is furthermore offering credit monitoring, identity theft restoration, and fraud consultation services for one year.

People who get a breach notification letter associated with the Mom’s Meals data breach are encouraged to sign up for the credit monitoring services offered by the company, look at any communication from Medicare, Medicaid, or an insurance company to make sure the services were obtained (and report any differences), and keep an eye on their credit report, putting a freeze on the credit when they are worried about being an identity theft victim.