The New Jewish Home over the weekend confirmed it notified 104,234 people of a January 2024 data breach that compromised names, Social Security numbers, payment card information, financial account info, medical record info, medical treatment info, addresses, passport numbers, and dates of birth.
Ransomware group ALPHV/BlackCat claimed responsibility for the attack at the time, saying it stole “more than 2k employee and clients documents ( SSN DL Passport.) Documents proving misuse of donated funds.” (sic)
The New Jewish Home, an older adult health care system in New York City, has not verified ALPHV/BlackCat’s claim. We don’t yet know whether The New Jewish Home paid a ransom, how much ransom ALPHV/BlackCat demanded, or how attackers breached The New Jewish Home’s network. Comparitech contacted The New Jewish Home for comment and will update this article if it responds.
The notice to victims states, “On January 7, 2024, The New Jewish Home became aware of unauthorized activity on the our network. We immediately began an investigation with the assistance of third-party forensic specialists. The investigation determined an unauthorized actor accessed certain files on our network.”
The New Jewish Home is offering victims free identity theft protection and credit monitoring via Equifax.
Who is ALPHV/BlackCat?
ALPHV/BlackCat is responsible for some of the most high profile ransomware attacks of the past few years, including major attacks on LoanDepot, Prudential Insurance, Fidelity, VF Corporation, and Change Healthcare.
ALPHV/BlackCat went dark after the Change Healthcare attack in March 2024, when it reportedly pulled off an exit scam. ALPHV allegedly stole a $22 million ransom payment and pulled the rug out from under its affiliates, who were never paid. The attack on The New Jewish Home most likely happened before ALPHV/BlackCat’s exit. The last attack claimed by ALPHV (unconfirmed) was in April 2024.
To date, Comparitech researchers have logged 203 confirmed ransomware attacks claimed by ALPHV/BlackCat, affecting over 67.6 million records. 25 of these attacks were on healthcare companies.
Ransomware attacks on US healthcare
In addition to data theft, ransomware attacks on hospitals, clinics, and other healthcare-related companies can disrupt operations and lead to life-threatening consequences. Targeted organizations are forced to pay a ransom to restore their systems and avoid the sale or publication of stolen data.
Comparitech recorded 56 confirmed ransomware attacks on US healthcare organizations so far in 2024, affecting more than 6.4 million records. This attack on the New Jewish Home is the 10th-largest attack by number of affected records.
The average ransom for a ransomware attack on a US healthcare company is $825,000, according to our data. We’ve tracked another 105 unconfirmed ransomware claims on healthcare organizations so far this year.
About The New Jewish Home
The New Jewish Home is a nonprofit older adult healthcare system in New York City, with campuses in Manhattan, The Bronx, and Westchester County. It offers rehabilitative services, skilled nursing, senior housing, and home health programs. According to its website, NJH cares for more than 4,000 New Yorkers per year, and employs more than 1,400 people.
Source link