Data breach at Houston home healthcare firm leaks SSNs, credit cards, medical info

Houston home healthcare company In-Home Attendant Services yesterday confirmed it notified 22,100 people about an October 2024 data breach that compromised the following personal info:

  • Names
  • Social Security numbers
  • Government-issued ID number (e.g. driver’s license, passport)
  • Financial account numbers
  • Credit and debit card numbers
  • Medical info
  • Health insurance info
  • Dates of birth
  • Mailing addresses
  • “Other” info

In-Home Attendant Services on October 22, 2024 posted an announcement that said, “Hello, we are currently experiencing technical difficulties that prevent us from responding to calls and email messages.”

Ransomware group ThreeAM claimed responsibility for the breach on October 31, 2024.


In-Home Attendant Services has not verified ThreeAM’s claim. It reported the breach to the Texas Attorney General. We do not yet know if the company paid a ransom, how much ThreeAM demanded, how attackers breached the company’s network, or if In-Home Attendant Services will offer victims free credit monitoring and/or identity theft protection. Comparitech contacted In-Home Attendant Services for comment and will update this article if it responds.

Who is ThreeAM?

ThreeAM, or 3AM, first surfaced in September 2023 as an alternative to LockBit, a prominent ransomware strain. ThreeAM rose to prominence when organizations began blocking LockBit on their networks.

Comparitech researchers have recorded four confirmed ransomware attacks claimed by ThreeAM since it began operations, plus 43 unconfirmed claims.

ThreeAM attacked two other healthcare organizations: Kootenai Health in February 2024 (464,088 records compromised) and Carolina Arthritis Center in October 2024.

Ransomware attacks on US healthcare

Ransomware attacks on hospitals, clinics, and pharmacies can steal data and lock down computer systems used for everything from accessing medical records to bill payments. Providers might be forced to cancel appointments and switch to pen-and-paper processes until a ransom is paid to unlock their computer systems.

In 2024 so far, we logged 124 confirmed ransomware attacks on US hospitals, clinics, medical device manufacturers, pharmaceutical companies, and other care providers. Those attacks compromised 116,475,098 records in total, with an average ransom of $5.1 million.

Elsewhere in the healthcare industry, we tracked recent ransomware attacks against Aspen Healthcare Services (8,000+ records breached by Everest), Equinox (21,000+ records breached by LockBit), and PracticeSuite (13,000+ records breached by RansomHub).

Another 171 such attacks were claimed by ransomware gangs but not acknowledged by targeted organizations.

About In-Home Attendant Services

In-Home Attendant Services is a home healthcare company in Houston, Texas. It sends personal attendants to assist mainly elderly and disabled patients. It employs between 200 and 500 people, according to its LinkedIn profile.