Ohio and Pennsylvania nursing agency notifies 58K people of data breach that compromised SSNs, medical info

Nursing agency HCF Management this week confirmed it notified nearly 58,000 people of a September 2024 data breach that compromised Social Security numbers, addresses, phone numbers, dates of birth, medical info, and health insurance info.

The following HCF facilities reported breaches to the US Department of Health and Human Services, along with the number of victims whose data were compromised:

• HCF of Washington Inc. (“Court House Manor”), OH – 2,489
• HCF of Warren Inc. (“Warren Manor”), PA – 2,709
• HCF of Wapakoneta Inc. (“Wapakoneta Manor”), OH – 1,862
• HCF of Van Wert Inc. (“Van Wert Manor”), OH – 1,604
• HCF of Sweden Valley Inc. (“Sweden Valley Manor”), PA – 1,768
• HCF of Shawnee Inc. (“Shawnee Manor”), OH – 4,395
• HCF of Roselawn Inc. (“Roselawn Manor”), OH – 1,208
• HCF of Piqua Inc. (“Piqua Manor”), OH – 2,969
• HCF of Perrysburg Inc. (“Manor at Perrysburg”), OH – 2,704
• HCF of Hempfield Inc. (“Hempfield Manor”), PA – 4,744
• HCF of Garbry Ridge (“Garbry Ridge”), OH – 512
• HCF of Fox Run Inc. (“The Manor at Greendale”), OH – 2,333
• HCF of Fostoria Inc. (“St. Catherine’s Manor of Fostoria”), OH – 1,253
• HCF of Findlay Inc. (“Fox Run Manor”), OH – 3,986
• HCF of Fairview Inc. (“Fairview Manor”), PA – 2,935
• HCF of Edinboro Inc. (“Edinboro Manor”), PA – 2,844
• HCF of Crestview Inc. (“Village at the Greene”), OH – 1,944
• HCF of Court House Inc. (“St. Catherine’s Manor of Washington Court House”), OH – 3,012
• HCF of Corry Inc. (“Corry Manor”), PA – 2,620
• HCF of Celina Inc. (“Celina Manor”), OH – 2,321
• HCF of Briarwood Inc. (“Briarwood Village”), OH – 2,650
• HCF of Bradford Inc. (“Bradford Manor”), PA – 1,565
• HCF of Bowling Green, Inc. (“Bowling Green Manor”), OH – 3,500

HCF’s notice (PDF) to victims says attackers first breached the company on September 17, 2024, and HCF discovered the breach on October 3, 2024.

Ransomware gang RansomHub claimed responsibility for the attack on October 29, 2024, saying it stole 250 GB of data from HCF.

HCF has not verified RansomHub’s claim. We do not yet know if HCF paid a ransom, how much RansomHub demanded, or how attackers breached HCF’s network. Comparitech contacted HCF for comment and will update this article if it replies.

HCF is offering victims free credit monitoring and identity theft protection via Experian. The enrollment deadline is March 31, 2025.

Who is RansomHub?

RansomHub is the most prolific ransomware gang of the last few months, claiming responsibility for a wave of major data breaches. It runs on a ransomware-as-a-service model in which affiliates pay to use the group’s malware and infrastructure to launch their own attacks and collect ransoms.

RansomHub claimed responsibility for 570 attacks since it began in February 2024. 94 of those attacks were confirmed by the targeted organizations.

Just in the last two weeks, Mission Bank and Community Health Northwest Florida both began issuing data breach notices following RansomHub attacks.

Ransomware attacks on US healthcare

Ransomware attacks on US hospitals, clinics, and other care providers can both steal data and lock down computer systems until a ransom is paid for a key to unlock them. Hospitals might have to cancel appointments and divert patients until systems are restored, which can have life-threatening consequences. Doctors might be unable to communicate with patients, write prescriptions, or access medical records.

In 2024, Comparitech researchers logged 131 confirmed ransomware attacks on US hospitals, clinics, and other direct care providers like HCF. Those attacks compromised 21.8 million records and came with an average ransom demand of $1.03 million.

Other recently confirmed such attacks include Qilin’s breach of CODAC Behaviorial Health, Rhode Island’s largest non-profit opioid treatment providers, and Inc’s attack on Regional Obstetrical Consultants.

About HCF Management

Founded in 1968 and based in Lima, Ohio, HFC Management operates 31 rehabilitation and assisted living facilities in Ohio and Pennsylvania. It employs more than 1,000 people, according to its LinkedIn profile.