Lorien Health Services in Maryland announced that it was the victim of a ransomware incident in early June. Data was stolen and then encrypted during the incident.
A family-owned nursing home for the elders, Lorien Health Services runs nine locations in Baltimore, Carroll, Harford, and Howard counties, as well as a rehabilitation and fitness facility.
The company says that the incident was detected on June 6 and contracted services of cybersecurity experts to start an investigation and determine the impact.
After four days, the verdict was that personal information had been accessed by the hackers and it “may have included residents’ names, Social Security numbers, dates of birth, addresses, and health diagnosis and treatment information.” Employee data was also accessed.
According to the breach notification sent to the Secretary of Health and Human Services, the number of impacted individuals is 47,754.
Although Lorien just announced the breach publicly, Netwalker operators made the incident known in mid-June, publishing screenshots of directory listings with 2020 date stamps and admission records as proof of compromise.