DataBreaches.Net


Threat actors attack diagnostic laboratories in Virginia and New York

Posted on December 16, 2020 by Dissent

Attacks on hospitals by ransomware threat actors continue to make headlines, as do attempts to hack laboratories or entities involved in COVID-19 related research. Attacks on diagnostic laboratories without an obvious COVID-19 connection tend to garner fewer headlines but should be of no less concern, as the ability to diagnose health conditions correctly is a precursor to treatment.

This week, DataBreaches.net reached out to two diagnostic labs that have apparently been the victims of ransomware attacks. Neither of these labs is a big corporation or chain like LabCorp or Quest. One is located in Virginia and the other has locations in New York and south Florida.

Taylor Made Diagnostics (TMD)


Founded in 1995 by Carolyn Taylor, a registered nurse, Taylor Made Diagnostics in Newport News operates and manages occupational health clinics in the Hampton Roads, Virginia area. As an occupational health service, they provide services including drug testing, CPR training, fit for duty evaluations, vaccinations and respirator fit testing.

Their founder and clinic have won a number of awards, and as recently as July 2020, Carolyn Taylor was recognized as the 2020 Hampton Roads Chamber Entrepreneur Award Winner. But now Conti threat actors have created what may be massive privacy breach problems for TMD.

TMD did not respond to multiple inquiries sent to it about Conti’s claims and proffer of proof, but it’s likely from the files the threat actors did upload that a lot of protected health information may have been accessed and exfiltrated. More than a dozen files reveal personal and medical information on employees of their clients or people referred for evaluations for fitness for duty by applicants to the Coast Guard and the like. Names, addresses, dates of birth, phone numbers, last four digits of SSN (and in some cases, full SSN), images of driver’s licenses, details of medical histories, and lab results and evaluation data are all there… unencrypted. Some of the files are 20-30 pages of forms and protected health information.

The data that were dumped are not in the kind of convenient tables or spreadsheets that lend themselves to easy misuse, but these files were presumably picked to motivate TMD into negotiating with the threat actors. Then, too, even just the list of files is somewhat problematic because the filename structure contains the patients’ last name, first name or initial, and DOB.

If TMD responds to the multiple inquiries sent to it, this post will be updated.

Apex Laboratory Inc.


Apex Laboratory, Inc. provides diagnostic testing services in its offices in New York and south Florida. The firm, which is headquartered on Long Island, also provides in-home (mobile) or on-site testing for patients in nursing homes or other facilities or who cannot get to their laboratory locations.

Apex was attacked by DoppelPaymer. And as those threat actors have done many times before, they didn’t hold back in dumping proof of attack and acquisition of files with personal and medical information. Some of the files the attackers dumped on December 14 contain specific laboratory test results and diagnostic information, but a bigger problem may be the rosters with patient names and PHI fields like date of birth, SSN, Medicare Number, Medicaid Number, date of admission to a facility, date of discharge, and in some cases, gender, marital status, religion, and other insurance information.

The rosters, which appear to be from more than a dozen facilities on Long Island, are not current, but contain well over 1,000 patients’ personal and protected health information — data that can be used for identity theft or social engineering, particularly if we are talking about an older population who might be in a nursing home.

Rosters from nursing homes or centers serviced by Apex contained a lot of personal and protected health information. Sample redacted by DataBreaches.net.

Not all of Apex’s files dumped by DoppelPaymer are patient records or rosters. Some of the files are routine business files, but even those can be embarrassing for a firm.

Apex did not respond to an inquiry this site sent. If it responds, this post will be updated.

As this site has done with other ransomware attacks on U.S. healthcare entities, this site will continue to monitor leak sites to see if there are updates or if the listings disappear.

As this blogger and site have advocated before: victims need to notify patients quickly if their data has been dumped by threat actors. At least post something to alert people that an attack is being investigated and that patients should be vigilant. Or contact your clients and let them know their patients’ data may have been compromised.

 

 
