Cyber Incident Victim: ARcare
Date: Jan 2022
Location: United States of America
Summary
ARcare experienced a malware incident that enabled unauthorized access to its systems, potentially compromising personal and medical information including names, Social Security numbers, financial data, medical diagnoses, prescriptions, and health insurance details. The breach impacted approximately 345,000 individuals, and no evidence of actual misuse was identified. The organization responded by securing its systems, conducting an investigation, notifying affected parties, and enhancing security measures to prevent future incidents.
Description
ARcare, a healthcare provider based in Arkansas, experienced a malware incident that enabled unauthorized access to its computer systems between January 18, 2022, and February 24, 2022. The organization detected the security disruption on February 24, 2022, prompting immediate system containment measures and the initiation of a forensic investigation. By March 14, 2022, investigators confirmed that an unauthorized actor potentially accessed or acquired sensitive data during the 37-day intrusion window. ARcare subsequently conducted a comprehensive review of the affected files, which concluded on April 4, 2022, confirming the exposure of personal and medical information. The compromised data included names, Social Security numbers, driver's license or state identification numbers, dates of birth, financial account information, medical treatment details, prescription records, diagnosis information, and health insurance data. ARcare initially withheld the affected population count in its public communications, with neither its website notice nor PRNewswire release disclosing victim numbers. The organization formally reported the incident to regulators on April 25, 2022, with the U.S. Department of Health and Human Services later documenting the breach as affecting 345,353 patients in its public disclosure tool. ARcare maintained throughout its communications that it had no evidence of actual or attempted misuse of the compromised information.

In response to the incident, ARcare implemented immediate system security measures upon detection and engaged forensic specialists to determine the breach scope. The organization developed notification protocols based on its April 4 data review findings, initiating individual notifications and regulatory filings on April 25, 2022. Affected individuals received guidance to monitor account statements, review explanation of benefits forms, and obtain free credit reports through annualcreditreport.com. ARcare established a dedicated toll-free response line (833-783-1354) operational Monday through Friday during Central Time business hours and provided a physical mailing address for written inquiries. Internally, the organization initiated policy and procedure reviews to strengthen data protection measures and evaluated additional security controls to prevent recurrence. While reiterating no evidence of information misuse, ARcare advised potential victims about fraud alert options through major credit bureaus and provided contact information for relevant state attorneys general. The breach notification included specific guidance for New York and North Carolina residents regarding state-level consumer protection resources. ARcare's public communications emphasized its commitment to information security while acknowledging the ongoing risk of identity theft stemming from the exposure of sensitive personal identifiers and health data.
