RansomHub Theft Hit Patients of 2 Dozen HCF Facilities and Home Healthcare Unit

A chain of more than two dozen skilled nursing and rehabilitation facilities is notifying tens of thousands of patients whose information was compromised in a hacking incident last fall. Russian-speaking cybercriminal gang RansomHub claims to have published 250 Gbytes of data stolen in the heist.
HCF Management, a family of companies based in Lima, Ohio, operates healthcare and nursing home facilities in the Buckeye state and Pennsylvania, as well as a home healthcare unit. The company submitted at least 25 data breach reports to federal and state regulators on Jan. 9 related to the hack.
So far, the HCF reports indicate that about 70,000 people were affected by the hack. Heritage Health Care, an HCF home healthcare operation, reported the largest of the HCF breaches, affecting 12,162 people. Hempfield Manor, a rehab, memory support and nursing home in Greensburg, Penn., was the single HCF facility with the most patients reported affected – 4,744.
Ransomware gang RansomHub added HCF to its dark web site on Oct. 29, 2024, and the gang’s website as of Monday claimed to have published 250 Gbytes of HCF’s data.
In its breach notices, HCF said it learned on Oct. 3, 2024, that “a third party” gained unauthorized access to some of its management company’s computer systems. After identifying the incident, HCF said it took steps to secure its network and engaged an external computer forensic firm to assist.
HCF’s investigation found that threat actors gained access to the organization’s IT systems on Sept. 17, 2024, and accessed and acquired documents from those computers. On Nov. 19, 2024, HCF determined the information affected may have included residents’ names, addresses, phone numbers, dates of birth, Social Security numbers, medical treatment information, and health insurance information.
As of Monday, HCF was already facing at least two proposed federal class action lawsuits involving the breach, both alleging similar claims including negligence by HCF in failing to secure patients’ sensitive information.
An attorney representing HCF did not immediately respond to Information Security Media Group’s request for additional details about the breach, including whether the organization’s IT systems and data were encrypted with ransomware in the incident – and for comment on the lawsuits.
Other Attacks
The ransomware hack at HCF was among hundreds of similar attacks in the healthcare sector last year that led to major health data breaches.
The healthcare sector ranked third in the number of 2024 ransomware incidents, following attacks on the manufacturing and professional services industries, according to a research report released last week by security firm Black Kite.
While RansomHub has been implicated in many high-profile attacks in the healthcare sector – including attacks on Planned Parenthood of Montana and pharmacy chain Rite Aid – over the last year, other ransomware gangs appear to target the sector more frequently as a proportion of their attacks, Black Kite said.
Black Kite found that in 2024, ransomware group Everest led the sector with 25% of its victims in healthcare. Other notable groups targeting healthcare include INC Ransom with nearly 22%, Monti with nearly 21%, and Rhysida with 18.5% of their attacks targeting the sector.
“High-volume groups like INC Ransom and BianLian also have a strong healthcare focus, making them especially dangerous to the sector,” Black Kite said. “Lower on the list, groups like Medusa – 9.3% – and Abyss – 9.1% – target healthcare less frequently but still contribute to its heightened risk profile,” the report said.
Last year, about 4% of ransomware attacks in the healthcare sector occurred at assisted living and retirement homes, Black Kite found.
The most widely targeted organizations in healthcare last year were physician offices – with 25% of the ransomware attacks in the sector, followed by general medical and surgical hospitals at a close second, at 22%, the report said.
Besides HCF and its facilities, Memorial Hospital and Manor, an 80-bed hospital and 107-bed long-term care facility owned and operated by the Hospital Authority of the City of Bainbridge and Decatur County, was also among the small community hospitals and nursing homes facing ransomware incidents last fall (see: Attack Hits Small Rural Georgia Hospital, Nursing Home).
That attack disrupted the hospital and nursing home’s IT systems for several days last November. But as of Monday, the U.S. Department of Health and Human Services’ HIPAA Breach Reporting Tool website did not show a breach report filed by Memorial Hospital and Manor involving the incident.