Cyber Incident Victim: Professional Healthcare Management
Date:
Sep 2021
Location:
United States of America
Summary
Professional Healthcare Management experienced a ransomware attack compromising servers containing protected health and personal information of clients and employees. The organization engaged forensic experts to investigate and restore systems, determining that exposed data potentially included names, Social Security numbers, health insurance identifiers, prescription details, and diagnosis codes. While no evidence of data misuse was found, PHM notified affected individuals and offered complimentary identity monitoring services. The incident prompted implementation of enhanced cybersecurity safeguards, policy revisions, and additional employee training to mitigate future risks.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On September 14, 2021, Professional Healthcare Management, Inc. (PHM), a Memphis-based company managing five home healthcare entities, discovered it had fallen victim to a sophisticated ransomware attack targeting its servers. The compromised systems contained protected health information and personal data belonging to clients and employees. Upon detection, PHM immediately initiated containment measures by securing affected infrastructure and restoring operations through system recovery procedures. The organization engaged third-party forensic and incident response specialists to investigate the attack's origin, methods, and full scope, though this investigation remained ongoing at the time of their public disclosure. Preliminary analysis confirmed unauthorized access to sensitive data categories including full names, Social Security numbers, health insurance identifiers (Medicaid, Medicare, and private insurance numbers), prescription details, and medical diagnosis codes.
PHM began mailing breach notifications to potentially impacted individuals, accompanied by offers of complimentary identity monitoring services, while acknowledging no evidence of actual data misuse had been identified. The company attributed its disclosure to regulatory compliance obligations under HIPAA rather than confirmed exploitation of stolen data. In parallel with victim outreach, PHM implemented enhanced cybersecurity safeguards, revised internal policies and protocols, and expanded employee training programs to prevent future incidents. Chief Information Officer Amanda Egner publicly characterized the event as part of a widespread pattern of ransomware attacks affecting thousands of organizations, expressing regret for the concern caused while emphasizing PHM's commitment to information security. The organization advised affected individuals to monitor financial accounts and credit reports for suspicious activity, providing contact details for the Federal Trade Commission and identitytheft.gov to facilitate fraud reporting.