Cyber Incident Victim: Lorien Health Services
Date: Jun 2020
Location: United States of America
Summary
Lorien Health Services experienced a ransomware attack by Netwalker operators involving data theft and encryption. Following refusal to pay, attackers leaked stolen information including residents' personal and health data along with employee records, impacting nearly 48,000 individuals. Partial data was released online as "Part 1," indicating potential future disclosures. The organization engaged cybersecurity experts, notified affected parties, and offered credit monitoring while cooperating with law enforcement.
Description
On June 6, 2020, Lorien Health Services, a Maryland-based operator of nine nursing homes and a rehabilitation facility, detected a ransomware attack on its systems. The incident involved Netwalker ransomware operators, who exfiltrated data before encrypting files. Lorien immediately engaged cybersecurity experts to investigate the breach; within four days, the investigation concluded that unauthorized access to sensitive personal information had occurred. The compromised data included residents' names, Social Security numbers, dates of birth, addresses, health diagnoses, and treatment details, alongside employee information. The company reported the breach affected 47,754 individuals in its notification to the U.S. Department of Health and Human Services.

Netwalker operators publicly claimed responsibility in mid-June 2020 after Lorien declined to pay the ransom, publishing directory listings with 2020 timestamps and admission records as evidence. They subsequently leaked a 147MB password-protected archive labeled "Part 1" via a file-sharing service, accompanied by an unlock key, implying additional data dumps might follow. Lorien notified all potentially impacted residents via letters on June 16, 2020—two days after the attackers' disclosure—detailing the breach and offering complimentary credit monitoring and identity protection services. The company coordinated with the Federal Bureau of Investigation to share incident details for investigative purposes. No further data releases or operational disruptions beyond the initial encryption and theft were documented in the available report.
