Law Enforcement Health Benefits (LEHB), a health and welfare fund for Philadelphia police officers, sheriffs, and county detectives, has revealed that it suffered a ransomware attack last year.
According to the organization, attackers started encrypting files stored on its network on September 14, 2021.
A subsequent investigation led to the discovery on February 25 that “certain impacted files” containing members’ personal information may have been removed from the network by unauthorized parties.
An entry in the US Department of Health and Human Services (HSS) breach portal indicates that more than 85,000 members may have been affected.
“The impacted information includes names, dates of birth, Social Security numbers, driver’s license numbers, financial account numbers, health insurance information, and medical information,” says the firm in a statement (PDF).
“Not all LEHB members had information impacted, and not all of the above data elements were impacted for each person.”
Complimentary credit monitoring
The health plan provider says it’s not aware of any cases of identity fraud or improper use of information as a result of the incident, but that it’s contacting affected members and offering complimentary credit monitoring services to those whose Social Security numbers were potentially accessed.
It also recommends that members should place fraud alerts or security freezes on credit files, and request a free credit report.
“Cybersecurity threats continue to evolve and as a result, LEHB has taken additional steps to secure its network and improve internal procedures to identify and remediate future threats,” it says.
“LEHB continues to assess and update its internal policies and procedures in order to minimize the risk of a similar incident in the future.”
The healthcare sector has been particularly hard hit by ransomware since the start of the Covid-19 pandemic, with the FBI’s 2021 Internet Crime Report revealing earlier this month that of all critical infrastructure sectors, it was healthcare that faced the most ransomware attacks last year.
The HHS, meanwhile, says it received reports of data breaches from 578 healthcare organizations in 2021 (PDF), impacting over 41.45 million individuals.
The Conti ransomware group has been responsible for a large number of these incidents, successfully attacking at least 16 US healthcare organizations and first responder networks during the year – as well as Ireland’s Health Service Executive and Department of Health.