DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

IA: Wolfe Eye Clinic victim of Lorenz threat actors

Posted on May 7, 2021 by Dissent

There is no notice of any cyberattack on the web site of Wolfe Eye Clinic in Iowa, but the clinic has been investigating and addressing an alleged attack for more than one month now while patient care continues at their multiple locations.

On April 1, threat actors known as Lorenz added the clinic to its relatively new dedicated leak site. Unlike some other dedicated leak sites that appear to just dump data to pressure victims into paying extortion demands, Lorenz has offered downloads for which interested parties — or the victim — can buy the key to open. The threat actors also seem to be offering to sell access to the clinic’s internal network.

Lorenz lists Wolfe Clinc files for sale
Image: DataBreaches.net

Lorenz did not post any proof of claim for Wolfe Clinic that can be accessed without a key or password, but it is possible to download the archives and see what contents are listed, as the redacted partial screencap below illustrates:

Some of the files uploaded by Lorenz
Image: Partial screencap, redacted by DataBreaches.net

DataBreaches.net reached out to Wolfe Clinic, who provided the following statement:

The Wolfe Eye Clinic is aware of targeted efforts to access data on its systems. We are currently working with a team of forensic experts to fully understand the extent and implications of these incidents, which includes an earlier  email phishing attempt.

While these types of situations have become all too common with health care providers nationwide, we recognize the significance of these events and quickly took the appropriate steps to address them once we became aware of their occurrence. Our comprehensive assessment is ongoing and may span a few more weeks. We are committed to sharing more information when it becomes available.

Wolfe Eye Clinic’s systems are fully operational, and our team has continued to provide high-quality patient care the entire time, whether it be an exam or surgical procedure. Likewise, we remain diligent against further intrusion efforts and are prepared to manage them accordingly.

The incident does not yet appear on HHS’s public breach tool, and it is not yet clear whether patient data was accessed or acquired. Nor has the clinic revealed whether their files were encrypted at all.

DataBreaches.net will provide updates if more details become available.

Updated June 22:  AP has an update on this incident that states that the attack occurred on Feb. 8 and may have impacted as many as 500,000.  Neither HHS nor those impacted appear to have been notified yet.

Category: Breach IncidentsHealth Data

Post navigation

← Za: NCape municipality battles devastating ransomware attack
Four Individuals Plead Guilty to RICO Conspiracy Involving “Bulletproof Hosting” for Cybercriminals →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Nigerian National Sentenced To More Than Five Years For Hacking, Fraud, And Identity Theft Scheme
  • Data breach of patient info ends in firing of Miami hospital employee
  • Texas DOT investigates breach of crash report records, sends notification letters
  • PowerSchool hacker pleads guilty, released on personal recognizance bond
  • Rewards for Justice offers $10M reward for info on RedLine developer or RedLine’s use by foreign governments
  • New evidence links long-running hacking group to Indian government
  • Zaporizhzhia Cyber ​​Police Exposes Hacker Who Caused Millions in Losses to Victims by Mining Cryptocurrency
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Google: Hackers target Salesforce accounts in data extortion attacks
  • The US Grid Attack Looming on the Horizon

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • California county accused of using drones to spy on residents
  • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act
  • 23andMe Bankruptcy Judge Ponders Trump Bill’s Injunction Impact
  • Hell No: The ODNI Wants to Make it Easier for the Government to Buy Your Data Without Warrant

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.