PurFoods, which conducts business in the U.S. as ‘Mom’s Meals,’ is warning of a data breach after the personal information of 1.2 million customers and employees was stolen in a ransomware attack.
Mom’s Meals is a medical meal delivery service for self-paying customers or people eligible for government assistance through the Medicaid and Older Americans Act programs.
The firm warns that it identified suspicious activity on its networks on February 22nd, 2023, when files on its systems had been encrypted by ransomware.
“Upon identifying suspicious account behavior on February 22, 2023, we launched an investigation with the help of third-party specialists,” reads the notice.
“The investigation determined that we experienced a cyberattack between January 16, 2023, and February 22, 2023, that included the encryption of certain files in our network.”
Signs of network problems became evident in early March, 2023, while an anonymous Mom’s Meals employee tipped an Iowa news outlet that they had missed work and pay for a week due to “an internet issue.”
PurFoods’ investigation revealed that the company had been breached on January 16th, 2023, and tools commonly used to steal data were found on the network.
A more in-depth investigation concluded on July 10th, 2023, confirming the hackers had accessed the following data:
- Date of birth
- Driver’s license
- State identification number
- Financial account information
- Payment card information
- Medical record number
- Medicare and Medicaid identification
- Health information
- Treatment information
- Diagnosis code
- Meal category and cost
- Health insurance information
- Patient ID number.
- Social Security Numbers (for >1% of the exposed people)
The data breach impacts individuals who have received Mom’s Meals packages, current and former employees, and independent contractors.
According to the PurFoods data breach filing at the Office of the Maine Attorney General, the incident impacted 1,237,681 people.
Those people will receive free-of-charge coverage for 12 months of credit monitoring and identity protection services through Kroll.
The data exposed to cybercriminals is highly sensitive and can allow threat actors to conduct elaborate scams, phishing, and social engineering attacks.
That said, Mom’s Meals customers must remain highly vigilant with all incoming communications, whether through email, SMS text messages, or phone calls.