Security News > 2020 > February > Ransomware Attack on EHR Vendor Impacts Home Health Chain

A home healthcare company has filed 17 breach reports after a ransomware attack on its cloud-based electronic health records vendor last December, illustrating once again how a vendor breach can have a wide impact.

Personal Touch Home Care, a Lake Success, New York-based provider that has 17 offices in six states, recently submitted the breach reports on behalf of its various locations to the U.S. Department of Health and Human Services, according to the HHS Office for Civil Rights' HIPAA Breach Reporting Tool website, which lists health data breaches affecting 500 or more individuals.

A sample breach notification letter that Personal Touch Home Care filed with the Vermont attorney general office says the incident involved a ransomware attack on Wyomissing, Pa.-based Crossroads Technologies, which hosts the home healthcare provider's cloud-based electronic health records.

Crossroads notified Personal Touch on Dec. 1, 2019, about a breach involving a ransomware attack on Crossroads' Pennsylvania data center where the home health agency's records are hosted, the notification states.

As a result of the attack on its EMR vendor, Personal Touch was unable to access electronic patient records for "Only a few days." During that time, Personal Touch used its emergency business continuity protocols, including resorting to paper records, she notes.

News URL

https://www.inforisktoday.com/ransomware-attack-on-ehr-vendor-impacts-home-health-chain-a-13751