DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Correction and Update: Mount Locker team denies responsibility for Sonoma Valley Hospital attack

Posted on November 15, 2020 by Dissent

On November 9, DataBreaches.net published “Without Undue Delay” which catalogued health sector ransomware attacks where attackers had dumped patient data as part of an attempt to pressure their victims into paying ransom.  That report was a companion to a post arguing that patients need to be notified sooner of ransomware dumps than HIPAA’s 60-day window might seem to allow.

In the report, DataBreaches.net wrote that the Mount Locker team was reportedly claiming responsibility for an October attack on
Sonoma Valley Hospital in California, and had reportedly dumped 75 GB of data. This site qualified its statements because

DataBreaches.net was unable to find any actual data dump, although the hospital’s name does appear on the threat actor’s leak site. The dump, reported by a well-known site, may have been removed as part of some renewed negotiations or something.

DataBreaches.net reached out to the threat actors to ask them about the reported dump, and today, received a response that denied they had attacked Sonoma Hospital. A spokesperson wrote:

Sadly to say our cartel partner did that. Mount team never attacks hospitals or direct infrastructure such as airports / water supply / etc.
When asked to comment on the incident, they added:
We believe the risk of human death is extremely far from our business. But some cartel members don’t care...
But why did HealthITSecurity report that Mount Locker had claimed responsibility for the Sonoma attack and had leaked data from it? According to their spokesperson, posting a link to the data was a mistake that they corrected:
We have removed a link. It was a repost from a partner that appeared on the news site due to a mistake by our staff. This should not happen anymore.
What partner? What cartel? Didn’t Maze claim that there was no Maze cartel other than in journalists’ minds? What cartel or partner is Mount Locker referring to? Rather than guess or speculate, DataBreaches.net put the question to them.  Let’s see if they provide additional information.
And while it may sound ridiculous to some to apologize to threat actors, DataBreaches.net does apologize for the error in the “Without Undue Delay” report that incorrectly attributed the Sonoma Valley Hospital attack to them. This site’s main thesis, however — that entities notify to patients quickly when threat actors dump data as part of a ransomware incident — is unaltered by that error.

 

Category: Health DataMalwareU.S.

Post navigation

← Delaware Division of Public Health Announces Data Breach Incident Involving COVID-19 Results
Seine-Saint-Denis. Cyberattack at Bondy town hall: a complaint has been filed →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Texas gastroenterology and surgical practice victim of ransomware attack
  • Romanian Citizen Pleads Guilty to ‘Swatting’ Numerous Members of Congress, Churches, and Former U.S. President
  • North Dakota Enacts Financial Data Security and Data Breach Notification Requirements
  • Pro-Ukraine hacker group Black Owl poses ‘major threat’ to Russia, Kaspersky says
  • Vanta bug exposed customers’ data to other customers
  • Lyrix Ransomware Targets Windows Users with Advanced Evasion Techniques
  • Central Maine Healthcare tackles suspected cybersecurity issue; hospitals remain open
  • Cartier Data Breach: Luxury Retailer Warns Customers that Personal Data Was Exposed
  • Beyond the Pond Phish: Unraveling Lazarus Group’s Evolving Tactics
  • Akira doesn’t keep its promises to victims — SuspectFile

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Supreme Court Agrees to Clarify Emergency Situations Where Police Don’t Need Warrant
  • Stewart Baker vs. Orin Kerr on “The Digital Fourth Amendment”
  • Fears Grow Over ICE’s Reach Into Schools
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • She Got an Abortion. So A Texas Cop Used 83,000 Cameras to Track Her Down.
  • Why AI May Be Listening In on Your Next Doctor’s Appointment
  • Watch out for activist judges trying to deprive us of our rights to safe reproductive healthcare

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.