Cyber Incident Victim: Agency for Community Treatment Services, Inc.
Date: Oct 2020
Location: United States of America
Summary
A ransomware attack compromised portions of the organization's server and data infrastructure, prompting immediate system shutdowns and restoration with enhanced security measures. The forensic investigation could not confirm specific individuals affected due to the incident's complexity but identified potential unauthorized access to personal and protected health information, including names, birth dates, Social Security numbers, medical records, treatment details, and insurance data. Notification letters were sent to potentially impacted patients, with complimentary credit monitoring and identity protection services offered as a precaution despite uncertainty about actual data compromise.
Description
On October 23, 2020, the Agency for Community Treatment Services, Inc. (ACTS) detected a ransomware attack compromising portions of its server and data infrastructure. Forensic investigations later determined unauthorized actors first accessed ACTS’ systems on October 21, 2020, with ransomware deployment occurring two days later. ACTS immediately took affected systems offline and initiated restoration efforts using backups, implementing additional high-level security mechanisms and monitoring during recovery. The organization engaged a professional forensic firm to investigate the breach’s scope and determine potential data exposure. The investigation confirmed the incident involved unauthorized access to personal information and protected health information of patients treated between 2000 and 2013, including names, dates of birth, Social Security numbers, medical records, treatment details, and health insurance information. Forensic analysts could not identify specific compromised individuals due to the attack’s complexity and perpetrators’ efforts to conceal their activities, leaving the full extent of data exfiltration undetermined.

ACTS began notifying potentially affected individuals via mailed letters starting December 22, 2020, targeting patients with valid addresses on file. The organization emphasized that many recipients might not have actually had data compromised, citing existing security controls that likely hindered unauthorized access. As a precaution, ACTS offered complimentary credit monitoring and identity theft protection services to impacted individuals. A dedicated assistance line (800-242-9418), operating weekdays from 9:00 a.m. to 9:00 p.m. EST, addressed inquiries about potential involvement. While system restoration proceeded with minimal service disruption due to functional backups, ACTS continued collaborating with security experts to strengthen infrastructure protections against future incidents. The breach’s 13-year potential data exposure window reflected the age of affected records rather than prolonged system vulnerability prior to detection.
