Cyber Incident Victim: Upstate Homecare
Date: Nov 2021
Location: United States of America
Summary
Upstate Homecare experienced a ransomware attack resulting in the theft of sensitive patient data, which was subsequently posted on a darknet leak site. The compromised information included names, dates of birth, contact details, government-issued identifiers, financial account data, treatment records, physician names, patient IDs, and Medicare/Medicaid numbers. Following the incident, the organization conducted a security review, implemented enhanced safeguards, and notified affected individuals while offering complimentary identity theft monitoring services.
Description
Upstate Homecare, an Albany, NY-based home healthcare provider, experienced a ransomware attack that resulted in the theft of sensitive patient data. While the exact date of the initial intrusion remains unspecified in available reports, a third-party cybersecurity firm's investigation confirmed on November 4, 2021, that attackers had exfiltrated protected health information and subsequently posted the stolen data to a darknet leak site. The compromised information encompassed extensive personal and medical details, including full names, dates of birth, physical addresses, telephone numbers, email addresses, driver's license numbers, bank account information, Social Security numbers, treatment records, physician names, patient identification numbers, and Medicare/Medicaid identifiers. This breach impacted 5,114 individuals receiving services from the organization. The incident represented a significant compromise of both financial and healthcare data, exposing affected patients to potential identity theft and medical fraud risks due to the comprehensive nature of the stolen information.

Following confirmation of the data theft, Upstate Homecare initiated response measures that included a comprehensive security review of its systems. The organization implemented additional safeguards to strengthen its defenses against future attacks, though specific technical details of these enhancements were not disclosed in breach notifications. On November 24, 2021—three weeks after the data's exposure was confirmed—the provider began notifying all affected individuals about the incident. The notification letters outlined the types of compromised data and offered complimentary identity theft monitoring and restoration services to mitigate potential harm to patients. While the breach notification did not specify whether ransom demands were made or paid, it emphasized the organization's focus on addressing security vulnerabilities revealed by the attack. The incident's discovery through third-party investigation rather than internal detection highlighted potential gaps in the organization's security monitoring capabilities prior to the breach.
