Meal delivery service PurFoods announces major data breach

A home-delivery meal company has revealed that around 1.2 million people’s personal data may be at risk after it suffered a ransomware attack earlier this year.

PurFoods, which runs a service called Mom’s Meals, provides meals to people in a variety of personal situations. From its site:

We work with over 500 health plans, managed care organisations, governments, and agencies to provide access to meals for people covered under Medicare and Medicaid, as well as the opportunity for individuals to order meals on their own.

The PurFoods notification reveals that suspicious account behaviour was first seen back in February of this year. An investigation concluded that at some point between January 16 and February 22, 2023, a cyberattack took place. Certain files in the PurFoods network were encrypted, and investigators also noticed tools present which can be used for data exfiltration. As a result, PurFoods says it “can’t rule out” the possibility that data was exfiltrated from one of its file servers.

The notice stresses that so far there has been no evidence of data being misused, which will be some measure of relief for those using the service. Even so, an abundance of caution has led to a variety of advice for those who think they may be impacted.

Here’s who could be affected by the breach according to PurFoods:

The individuals whose information was involved included clients of PurFoods who received one or more meal deliveries, as well as some current and former employees and independent contractors.

The data potentially at risk, which is quite significant, includes:

  • Date of birth
  • Driver’s license/state identification number
  • Financial account information
  • Payment card information
  • Medical record number
  • Medicare and/or Medicaid identification
  • Health information
  • Treatment information
  • Diagnosis code
  • Meal category and/or cost
  • Health insurance information
  • Patient ID number
  • Social Security numbers were involved for less than 1% of the total population, most of which are internal to PurFoods.

PurFoods began sending out notification letters by mail on August 25, which included specific information with regard to identity theft protection and availing of “identity restoration services and complimentary credit monitoring”. There’s also a dedicated call center line for people who may have further questions about the breach: (866) 676-4045.

At this point in time, there’s no additional information with regard to the specific ransomware used or whether additional extortion tactics were deployed. The notification does state that this incident is unrelated to the MOVEit attack from a few months prior.

This could potentially prove to be costly for the food provider. As The Register notes, many search results for this breach lead to law firms on the lookout for potential clients impacted by the ransomware attack. We may have to wait a while to see if any data actually does leak online, or if PurFoods reveals any more information about the attackers behind the compromise. For now, if you receive a notification letter we suggest keeping a close eye on your finances, watching out for targeted phishing, and calling the PurFoods helpline if you are concerned.

How to avoid ransomware

  • Block common forms of entry. Create a plan for patching vulnerabilities in internet-facing systems quickly; disable or harden remote access like RDP and VPNs; use endpoint security software that can detect exploits and malware used to deliver ransomware.
  • Detect intrusions. Make it harder for intruders to operate inside your organization by segmenting networks and assigning access rights prudently. Use EDR or MDR to detect unusual activity before an attack occurs.
  • Stop malicious encryption. Deploy Endpoint Detection and Response software like Malwarebytes EDR that uses multiple different detection techniques to identify ransomware, and ransomware rollback to restore damaged system files.
  • Create offsite, offline backups. Keep backups offsite and offline, beyond the reach of attackers. Test them regularly to make sure you can restore essential business functions swiftly.
  • Don’t get attacked twice. Once you’ve isolated the outbreak and stopped the first attack, you must remove every trace of the attackers, their malware, their tools, and their methods of entry, to avoid being attacked again.
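The backup advice above is only worth something if a restore is actually rehearsed. The script below is an added example, not code from Malwarebytes or PurFoods: it takes a backup of a directory, records a SHA-256 manifest at backup time, and later restores the archive into a scratch directory to check that every file comes back intact, flagging files that are missing, modified (as they would be after ransomware encryption or silent corruption) or unexpected. The sample file names and contents are constructed for the demo, and the helper names are this example's own.

```python
"""Backup restore drill: restore an archive into scratch space and confirm
that every restored file matches the SHA-256 recorded when it was backed up."""
import hashlib
import os
import tarfile
import tempfile


def sha256_of(path):
    """Stream a file through SHA-256 so large backups don't need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def make_backup(src_dir, archive_path):
    """Archive src_dir and return a manifest {relative_path: sha256}.
    The manifest should be stored separately from the archive (ideally
    offline) so an attacker who reaches the backup can't rewrite both."""
    manifest = {}
    with tarfile.open(archive_path, "w:gz") as tar:
        for root, _dirs, files in os.walk(src_dir):
            for name in sorted(files):
                full = os.path.join(root, name)
                rel = os.path.relpath(full, src_dir)
                manifest[rel] = sha256_of(full)
                tar.add(full, arcname=rel)
    return manifest


def restore_drill(archive_path, manifest):
    """Restore the archive into a throwaway directory and compare with the manifest.
    Returns {relative_path: 'missing' | 'modified' | 'unexpected' | 'unsafe_path'};
    an empty dict means the backup restored cleanly."""
    problems = {}
    with tempfile.TemporaryDirectory() as scratch:
        scratch_real = os.path.realpath(scratch)
        with tarfile.open(archive_path, "r:gz") as tar:
            for member in tar.getmembers():
                # Refuse archive entries that would escape the scratch directory.
                dest = os.path.realpath(os.path.join(scratch, member.name))
                if not dest.startswith(scratch_real + os.sep):
                    problems[member.name] = "unsafe_path"
                    continue
                tar.extract(member, scratch)
        restored = {}
        for root, _dirs, files in os.walk(scratch):
            for name in files:
                full = os.path.join(root, name)
                restored[os.path.relpath(full, scratch)] = sha256_of(full)
        for rel, expected in manifest.items():
            if rel not in restored:
                problems[rel] = "missing"
            elif restored[rel] != expected:
                problems[rel] = "modified"
        for rel in restored:
            if rel not in manifest:
                problems[rel] = "unexpected"
    return problems


def demo():
    """Constructed demo: back up two sample files and run the drill (clean),
    then damage the source and re-archive it to show the drill catching
    a modified file, a missing file and a stray extra file."""
    with tempfile.TemporaryDirectory() as work:
        src = os.path.join(work, "data")
        os.makedirs(src)
        with open(os.path.join(src, "orders.csv"), "w") as f:
            f.write("id,meal,cost\n1,lunch,4.50\n")
        with open(os.path.join(src, "clients.json"), "w") as f:
            f.write('{"count": 2}\n')
        good_archive = os.path.join(work, "backup.tar.gz")
        manifest = make_backup(src, good_archive)
        clean = restore_drill(good_archive, manifest)

        # Simulate damage: one file altered, one deleted, one unexpected file added.
        with open(os.path.join(src, "orders.csv"), "a") as f:
            f.write("2,dinner,6.00\n")
        os.remove(os.path.join(src, "clients.json"))
        with open(os.path.join(src, "stray.bin"), "wb") as f:
            f.write(b"\x00")
        bad_archive = os.path.join(work, "damaged.tar.gz")
        make_backup(src, bad_archive)  # its own manifest is discarded on purpose
        detected = restore_drill(bad_archive, manifest)  # check against the original
        return clean, detected


if __name__ == "__main__":
    print(demo())
```

Run this as a scheduled job against a copy of the real archive and the offline manifest; any non-empty result should page someone, since a backup that no longer matches its manifest is exactly the backup you will discover is useless during an incident.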

Malwarebytes EDR and MDR remove all remnants of ransomware and prevent you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.