Carespring Data Breach Exposes Personal and Medical Information of Nearly 77,000 PatientsData includes names, dates of birth, physical addresses, Social Security Numbers, medical and diagnosis information, and health insurance details.ByIonut ArghireAugust 19, 2024FlipboardRedditWhatsappEmailOhio nursing home Carespring Healthcare Management is notifying approximately 77,000 individuals that their personal and medical information was compromised in a data breach that dates back to October 2023.The incident was discovered on October 28, 2023, but the investigation into whether data was exfiltrated from the nursing home’s network took roughly nine months.Last week, Carespring started sending written notification letters to the potentially affected individuals, and informed the Maine Attorney General’s Office that the information of 76,719 people was likely compromised in the breach.“After an extensive forensic investigation and document review, we discovered on July 16, 2024, that between October 12, 2023, and October 30, 2023, a limited amount of information stored on our network may have been accessed and/or acquired by an unauthorized individual,” Carespring said.Potentially compromised information, according to an incident notice, includes names, dates of birth, addresses, Social Security Numbers, medical and diagnosis information, and health insurance information.Carespring said that it had no evidence that the compromised information has been used for fraud, but recommends that both employees and patients remain vigilant “in reviewing financial account statements on a regular basis for any fraudulent activity”.The organization is providing the potentially impacted individuals with 12 months of free identity monitoring services, including credit monitoring, fraud consultation, and identity theft restoration.The investigation into the incident, carried out by professionals and law enforcement, is still ongoing, Carespring said.Advertisement. Scroll to continue reading.Industrial Cybersecurity ConferenceWhile Carespring did not share details on the type of cyberattack it fell victim to in October, its name appeared on the Tor-based leak sites of several ransomware groups.On November 10, 2023, the Noescape ransomware group listed Carespring on their site, claiming the theft of 364GB of data from the nursing home. This year, Carespring was added to Hunters’ leak site in February and to LockBit’s in May.