Feb 20, 2024

1.2 Million Individuals’ Health Information Stolen in PurFoods Ransomware Attack

1.2 Million Individuals’ Health Information Stolen in PurFoods Ransomware Attack - baby

Earlier this year, the meal delivery service PurFoods experienced a ransomware attack that stole the personal and protected health information of more than 1.2 million individuals. The Iowa-based organization, partnered with health Medicare and Medicaid plans, is the parent of Mom's Meals, a food service that delivers health-focused, refrigerated, ready-to-eat meals throughout the United States. On August 25, in a filing with the Maine Attorney General's Office, PurFoods announced that the ransomware attack occurred in February, impacting Mom's Meals and involved the theft of the personal information of its members through its systems.

While the attack was identified on February 22, reports say that the hackers had access to PurFoods' network for over a month. In a statement to Maine's Attorney General, the company informed that their investigations determined the cyberattack occurred between January 16, 2023, and February 22, 2023, and included the encryption of certain files in the PurFoods network. The investigation also determined that the attackers stole files that stored personally identifiable information and protected the health information of 1,237,681 of its clients. The report claims specifically on those files include:

  • Clients' names
  • Birth dates 
  • Social Security numbers
  • Driver's license numbers
  • Payment card data
  • Financial account information
  • Medical and health information

PurFoods has not shared details on how the data breach occurred, which file-encrypting ransomware was involved, and/or if a ransom was paid in order to restore the stolen encrypted data. However, since the announcement of the data breach, the organization has claimed they have started notifying all impacted individuals of the incident. The organization also claims it has informed the relevant authorities of the incident, including the US Department of Health and Human Services and the three major credit reporting agencies. PurFoods is also providing those affected by the breach with identity theft and fraud protection guidance, as well as access to credit monitoring services. 

 

What You Can Do To Protect Yourself After the PurFoods Data Breach

Data breaches can completely turn a company's system inside out, leaving thousands of individuals' private information exposed to those who would look to do them harm. If you have received a data breach notification from Purfoods, it is imperative that you understand what steps you need to take in order to ensure your personal information is safe. Purfoods customers who suspect their information was stolen during the data breach still have time to protect themselves from further harm. Below, we’ve provided a comprehensive list of steps you should take after your information is stolen due to a data breach.

  • Notify the bank of any suspicious activity
  • Freeze credit history to avoid damage
  • Invest in credit monitoring services
  • Contact a data breach attorney

In order to effectively ensure your information is safe after it’s been stolen or potentially accessed due to a data breach, victims should first notify their bank and freeze their credit report. In doing so, data breach victims are staying one step ahead of the cyber attackers and helping prevent any harmful actions taken against them. Once your accounts and social security number are secured, victims should closely monitor their accounts. Start by requesting frequent credit reports, as well as monitoring your monthly bank statements checking for any irregularities. 

Data breach victims should also consider investing in identity theft and fraud protection services if the company has not yet offered to provide the services. Victims should also highly consider contacting an attorney who can further investigate how and why the unauthorized parties were able to enter the company’s system and what they can do to ensure those liable for their personal information can do to remedy the situation. To learn more information behind the Purfoods data breach, or if you’d like to contact a Morgan & Morgan data breach attorney for more information about your legal options, complete our free, no-obligation case evaluation form today.