Cherry Health

Yesterday, healthcare company, Cherry Street Services, Inc. (“Cherry Health”), began notifying 184,372 of a data breach following a ransomware attack in December 2023. The stolen data includes health insurance and patient ID numbers, treatment information, Social Security numbers, prescription details, and financial account details, putting patients at risk of health benefits fraud and identity theft.

In its notification, Cherry Health states that it experienced a network disruption on December 21, 2023. This prevented them from accessing certain systems. It launched an investigation with a third party and learned that some data had been accessed. Upon completing the investigation on March 25, it began notifying affected customers. In the notification on the Maine Attorney General’s site, it describes the incident as a ransomware attack.

No ransomware groups have publicly claimed responsibility for the attack. We have contacted Cherry Health for more information on the attack and will update this article with its response.

Affected data includes first and last names in combination with one or more of the following:

  • Addresses
  • Phone numbers
  • Dates of birth
  • Health insurance information
  • Health insurance ID number
  • Patient ID number
  • Provider name
  • Service date
  • Diagnosis/treatment information
  • Prescription information
  • Financial account information
  • Social Security numbers

We recommend those affected take up Cherry Health’s free year of credit monitoring via IDX while also monitoring credit reports and accounts for any unauthorized activity.

Ransomware attacks on US healthcare organizations

This attack on Cherry Health joins 124 other confirmed ransomware attacks on US healthcare organizations in 2023 alone. These attacks affected 17,683,124 records and counting. So far this year, we have logged 10 attacks on the healthcare industry, affecting 853,111 records.

Ransomware attacks on US healthcare organizations not only cause widespread issues due to the sensitive nature of the data stolen but they can also cripple key systems. This often has a devastating impact on patient services as hospitals and clinics may have to resort to pen and paper and cancel certain appointments/divert patients elsewhere until systems are restored.

In 2023, we found that a ransomware attack on a healthcare company led to an average downtime of 18.71 days.

About Cherry Street Services, Inc. (“Cherry Health”)

Cherry Health is based in Grand Rapids, Michigan, and describes itself as ‘Michigan’s largest Federally Qualified Health Center (FQHC).’ It operates across over 20 locations and employs over 800 people, covering Barry, Kent, Montcalm, Muskegon, Ottawa and Wayne counties.