185K people’s sensitive data in the pits after ransomware raid on Cherry Health

185K people's sensitive data in the pits after ransomware raid on Cherry Health

April 18, 2024 at 10:14AM

A ransomware attack on Michigan-based Cherry Health led to the theft of sensitive data from nearly 185,000 individuals, including health and financial information. The healthcare organization immediately investigated the incident and notified affected individuals, offering 12-24 months of credit monitoring. The attack, similar to recent high-profile incidents, highlights the ongoing threat posed by ransomware attacks in the healthcare sector.

It appears that Cherry Health, a Michigan-based healthcare organization, experienced a ransomware attack in December 2023 which led to the theft of sensitive data belonging to nearly 185,000 individuals. The stolen data includes a range of personal details such as names, email and home addresses, phone numbers, dates of birth, health insurance information, patient ID numbers, prescription information, financial account information, and social security numbers. The organization reported the breach to the Office of the Maine Attorney General and mentioned that the severity of the breach may have been downplayed in the initial notification.

Cherry Health has assured the affected individuals that there is currently no evidence of their information being misused, but as a precautionary measure, they are offering 12-24 months of credit monitoring. The attack type was identified as ransomware, although the responsible criminal group has not yet come forward. It’s worth noting that ransomware attacks often involve the use of stolen data as leverage to extort the victim. This incident follows a recent disruptive event at Change Healthcare, which has incurred significant remediation costs for its parent company, UnitedHealth.

Let me know if there’s anything else you need assistance with!

Full Article