Even ransomware couldn’t resist a taste of Mom’s Meals

PurFoods, operating under the business name ‘Mom’s Meals,’ has recently disclosed a significant data breach that has affected the personal information of around 1.2 million customers and employees. The breach was a result of a ransomware attack, underscoring the importance of robust cybersecurity practices in today’s business landscape.

A Trusted Service Provider Faces Data Compromise

Mom’s Meals, known for its medical meal delivery service catering to both self-paying customers and individuals eligible for government assistance programs, is now grappling with the aftermath of a notable data breach.

The breach came to light on February 22nd, 2023, when unusual network activity triggered an investigation. The company soon determined that a ransomware attack had compromised their systems, leading to the encryption of certain files. Acting swiftly, Mom’s Meals initiated an investigation with the support of external cybersecurity experts to understand the scope and nature of the breach.

The investigation revealed that the cyberattack had occurred between January 16th and February 22nd, 2023. During this period, unauthorized access to files within the network took place, resulting in their encryption.

In early March 2023, indications of network disruptions became evident. An anonymous Mom’s Meals employee shared concerns about work interruptions and delayed payments attributed to an “internet issue.” This anecdotal perspective provided a tangible glimpse into the real-world implications of cyber incidents.

Extent of the Compromise

Following a thorough analysis by PurFoods, the parent company, the extent of the breach became clearer. The intrusion had taken place on January 16th, 2023, using common cyber tools to gain unauthorized access to the network. A comprehensive investigation concluded on July 10th, 2023, determining that the attackers had accessed a range of sensitive data, including:

• Dates of birth
• Driver’s license information
• State identification numbers
• Financial account details
• Payment card information
• Medical record identifiers
• Medicare and Medicaid details
• Health records
• Treatment specifics
• Diagnosis codes
• Meal category and associated costs
• Health insurance particulars
• Patient identification numbers
• Social Security Numbers (affecting over 1% of the impacted individuals)

This breach has repercussions for various parties, encompassing recipients of Mom’s Meals, current and former employees, and independent contractors. The breadth of the impact, as reported in PurFoods’ official breach filing with the Office of the Maine Attorney General, underscores the necessity for robust cybersecurity measures.

If you liked this article, we advise you to read our previous article about the new UK voters data breach. Follow us on Twitter and LinkedIn for more content.