I haven’t had time nor inclination to investigate all of Maze Team’s claimed victims, but of course, I have kept an eye out for ones involved health data or student data. Thanks to HealthITSecurity, I learned that the threat actors also attacked a chiropractic practice in South Dakota. The practice, called All About Potential Family Chiropractic, PC, is the office of Drs. Scott and Dawn Hourigan.
The Maze Team has already dumped some sample data from their server. Inspection of it reveals a veritable hodgepodge of files: some related to employment, some related to diet, and some definitely revealing protected health information on patients. Those files often include the patient’s full name, the dates of service, their diagnosis(es), and the type(s) of treatment provided. I also saw EOB (explanation of benefits) statements for named patients.
The Maze Team, who curiously mislabeled this victim as RamTek on their news site, has not indicated how many patient-related files they have acquired and there is no notice or statement up on Dr. Hourigan’s site at the time of this posting. DataBreaches.net sent an email inquiry to the practice this morning with a number of questions but has received no response by publication time.