HQ/EMEAFind out how we can help your business
Mom’s Meals, a medical meal delivery service company in the United States, has notified its customers and employees regarding a ransomware attack that resulted in a data breach incident.
The affected entity provides service to self-paying customers or individuals eligible for government assistance via Medicaid and Older Americans Act programs. However, the company warned all relevant individuals that it spotted malicious activity on its network earlier this year after a ransomware attack encrypted its systems.
The firm also stated that they immediately deployed a security team and investigated upon discovering the incident.
Mom’s Meals started to experience the attack last January.
The cyberattack against Mom’s Meals occurred between January 16 and February 22, 2023. The attack led to the encryption of files in the company’s network.
Early signs of network compromise started to appear in March. Such as an anonymous employee claimed on a news outlet that they had omitted work and salary for a week because of an alleged internet issue.
On the other hand, PurFoods, the parent company of Mom’s Meal, explained that their investigation spotted malicious tools commonly used by hackers to steal data.
As of last month, the confirmed data accessed by the hackers are dates of birth, driver’s licenses, state identification numbers, financial account information, payment card information, medical record numbers, health data, treatment details, diagnosis codes, health insurance details, Patient ID numbers, Social Security numbers, and Medicare and Medicaid identification.
The researchers also disclosed that the data breach affects individuals who became recipients of Mom’s Meals packages, independent contractors, and current and former employees. The parent company also announced that they have already filed a data breach incident to the Office of the Maine Attorney General. The file stated that the incident has affected more than 1.2 million individuals.
These affected people will receive a free 12-month subscription to credit monitoring and identity protection services.
Cybersecurity experts recommend that all impacted individuals be vigilant about different communications since the threat actors acquired critical data that could enable them to execute malicious schemes, such as phishing and social engineering campaigns.
