Cyber Incident Victim: Lincare Holdings

On April 18, 2017, Purity Cylinder/Airway Oxygen, a Michigan-based company later identified in public records as part of Lincare Holdings, discovered ransomware had been deployed on its network. The discovery triggered an investigation to assess the nature and scope of the incident. While forensic analysis found no evidence that protected health information (PHI) was accessed, exfiltrated, or acquired by unauthorized actors, the company determined the ransomware infection created a potential risk to patient data confidentiality. The compromised systems contained sensitive information, including patient names, addresses, dates of birth, medical diagnoses, health insurance details, and Social Security numbers.

In early June 2017, Airway Oxygen began notifying approximately 500,000 individuals whose information was present on the affected systems during the ransomware attack. The company filed a breach report with the Vermont Attorney General’s Office, citing the incident's discovery date and the lack of confirmed data misuse. By June 22, 2017, the breach appeared on the U.S. Department of Health and Human Services (HHS) public breach portal, officially documenting the exposure of half a million records. Airway Oxygen offered affected individuals one year of complimentary credit monitoring and identity protection services as a precautionary measure. The company did not disclose the specific ransomware variant involved, initial attack vectors, or containment timelines beyond the April 18 detection date. No operational disruptions or financial demands related to the ransomware were described in public notifications.