Cyber Incident Victim: Westminster Ingleside King Farm Presbyterian Retirement Communities
Date:
Nov 2017
Location:
United States of America
Summary
Westminster Ingleside King Farm Presbyterian Retirement Communities experienced a criminal malware attack potentially compromising residents' personal information, including names, addresses, dates of birth, Social Security numbers, and protected health information, though financial data was unaffected. The organization found no evidence of actual misuse but could not definitively rule out unauthorized access, prompting notifications to 5,228 individuals and the provision of credit monitoring services. Remediation efforts included malware removal, forensic investigation, firewall upgrades, implementation of dual-factor authentication, credential resets, and enhanced staff training to prevent future incidents.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On November 21, 2017, Westminster Ingleside King Farm Presbyterian Retirement Communities, Inc. (“Ingleside”) discovered it had been targeted by a criminal malware attack. The organization immediately launched software to locate and remove the malware from its systems while engaging independent computer forensics experts to investigate the incident’s origin and scope. The forensic investigation failed to identify conclusive evidence that unauthorized third parties accessed or exfiltrated data, but Ingleside could not definitively rule out potential compromise of resident information due to the nature of the attack. The potentially exposed data included names, addresses, dates of birth, Social Security numbers, and protected health information, though financial transaction details and payment information were confirmed unaffected. Ingleside maintained multiple security mechanisms prior to the incident but acknowledged the evolving threat landscape necessitated further enhancements. The organization delayed public notification until January 19, 2018, after completing its investigation and verifying contact details for impacted individuals.
Ingleside mailed notification letters to 5,228 potentially affected residents, offering complimentary credit monitoring and identity theft restoration services through Kroll as a precautionary measure. The organization established a dedicated toll-free call center operational weekdays from 8:00 a.m. to 8:00 p.m. Eastern Time to address resident inquiries. Remedial actions included firewall and antivirus upgrades, mandatory credential resets for all users, implementation of dual-factor authentication, and enhanced staff training on unauthorized access detection. Notification materials provided guidance on obtaining free credit reports via AnnualCreditReport.com and placing fraud alerts through Equifax, Experian, and TransUnion, including full contact details for these agencies. Ingleside reported the incident to the U.S. Department of Health and Human Services as affecting 5,228 individuals while emphasizing no evidence of actual information misuse had been identified. The organization expressed regret for any inconvenience caused and reiterated its commitment to resident data protection throughout its response communications.