hooded hacker at a laptop

A data breach at a Maryland long-term care provider potentially exposed the personal information of almost 50,000 residents to hackers.

According to published reports, Lorien Health Services — which offers assisted living, skilled nursing and rehabilitation at nine locations in Maryland — was the victim of a ransomware incident in which data from 47,754 residents was stolen and then encrypted by NetWalker, which has a history of attacking healthcare organizations. NetWalker posted screenshots of the stolen information after Lorien refused to pay the ransom demand.

“Lorien takes the privacy and protection of personal information very seriously,” Lou Grimmel, Lorien Health Services CEO, told McKnight’s Senior Living. “We continue to work with our cybersecurity experts to further safeguard our network.”

Lorien posted information on its website on July 17 stating it “experienced a data security incident that encrypted some of its information. Upon detecting the incident, Lorien immediately engaged a team of cybersecurity experts to assist with its response and to determine whether any personal information may have been accessed during the incident.”

The breach reportedly occurred June 6. June 10, the investigation found that personal information — including residents’ names, Social Security numbers, dates of birth, addresses, and health diagnoses and treatment information — had been accessed.

Lorien stated that it reported the matter to the FBI and notified all potentially affected residents by letter on July 16, with information about steps residents could take to protect their personal information. Lorien also offered complimentary credit monitoring and identity protection services through ID Experts to anyone affected by the incident.