156,400 People Have PHI Breached in Personal Touch Home Care Ransomware Attack

by | Mar 2, 2020

The Lake Success, NY-located home health company, Personal Touch Home Care (PTHC), has begun contacting clients to advise them that a ransomware attack on its Wyomissing, PA-based IT vendor, Crossroads Technologies Inc. may have resulted in a portion of their protected health information compromised.

Crossroads advised PTHC on December 1, 2019 that the ransomware attack impacted its Pennsylvania data center where PTHC’s electronic medical records were held. The ransomware attack stopped patient records from being viewed for a number of days. While the EHR system was offline, staff at PTHC used to emergency protocols and employed pen and paper to record patient data.

The encrypted data has now been restored. It is not known whether Crossroads restored the data from backups or if the ransom was paid and if any other healthcare clients were impacted.

The compromised medical records included patient names, addresses, telephone numbers, dates of birth, medical record information, health insurance card numbers, plan benefit numbers, Social Security numbers, and treatment details.

PTHC is not yet certain in relation to the extent to which PHI was compromised and whether the hackers obtained PHI before the encryption of data. At this point in the investigation, no proof has been found to indicate patient information was stolen before the deployment of the ransomware. Crossroads is still looking into the attack.

The incident was made known to the Department of Health and Human Services’ Office for Civil Rights as 17 separate breach reports, one for each of the offices impacted. The data breaches were reported separately as each office is a different legal entity. Overall, the PHI of 156,409 patients and caregivers across 6 states has been impacted. Affected people have been given the chance to register for complimentary credit monitoring and identity theft protection services.

The following offices were impacted by the attack:

Breached Entity State Individuals Impacted
Personal Touch Home Care of VA, Inc. VA 33,324
Personal Touch Home Care of W. VA, Inc. WV 1,169
Personal Touch Hospice of VA, Inc. VA 1,657
Personal Touch Home Care of Mass., Inc. NY 2,015
PT Home Services of San Antonio, Inc. TX 5,930
Personal Touch Home-Aides, Inc. NY 2,633
Personal Touch Home Services of Dallas, Inc. TX 1,700
Personal Touch Home Care of S.E. Mass., Inc. NY 2,863
Personal Touch Home Aides Inc. NY 1,890
Personal Touch Home Care of PA, Inc. NY 9,302
Personal Touch Home Care of Ohio, Inc. NY 15,808
Personal Touch Home Care of Greater Portsmouth, Inc. NY 1,957
Personal Touch Home Aides of Baltimore, Inc. NY 804
Personal Touch Home Care of Baltimore, Inc. NY 9,058
Personal Touch Home Care of KY, Inc. KY 24,013
Personal Touch Home Care of Indiana, Inc. IN 3,593
Personal Touch Home Aides of New York, Inc. NY 38,693

This is the third major business associate ransomware attack to be made known in recent weeks. A ransomware attack was reported by the Albany, NY-based accounting and tax firm BST & Co. CPAs LLC and affected patients of the Community Care Physicians medical network. NRC Health, a supplier of patient survey services and software, also suffered an attack.

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.


Please enable JavaScript in your browser to complete this form.

Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelors degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile:

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy