DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

IA: Wolfe Eye Clinic victim of Lorenz threat actors

Posted on May 7, 2021 by Dissent

There is no notice of any cyberattack on the web site of Wolfe Eye Clinic in Iowa, but the clinic has been investigating and addressing an alleged attack for more than one month now while patient care continues at their multiple locations.

On April 1, threat actors known as Lorenz added the clinic to its relatively new dedicated leak site. Unlike some other dedicated leak sites that appear to just dump data to pressure victims into paying extortion demands, Lorenz has offered downloads for which interested parties — or the victim — can buy the key to open. The threat actors also seem to be offering to sell access to the clinic’s internal network.

Lorenz lists Wolfe Clinc files for sale
Image: DataBreaches.net

Lorenz did not post any proof of claim for Wolfe Clinic that can be accessed without a key or password, but it is possible to download the archives and see what contents are listed, as the redacted partial screencap below illustrates:

Some of the files uploaded by Lorenz
Image: Partial screencap, redacted by DataBreaches.net

DataBreaches.net reached out to Wolfe Clinic, who provided the following statement:

The Wolfe Eye Clinic is aware of targeted efforts to access data on its systems. We are currently working with a team of forensic experts to fully understand the extent and implications of these incidents, which includes an earlier  email phishing attempt.

While these types of situations have become all too common with health care providers nationwide, we recognize the significance of these events and quickly took the appropriate steps to address them once we became aware of their occurrence. Our comprehensive assessment is ongoing and may span a few more weeks. We are committed to sharing more information when it becomes available.

Wolfe Eye Clinic’s systems are fully operational, and our team has continued to provide high-quality patient care the entire time, whether it be an exam or surgical procedure. Likewise, we remain diligent against further intrusion efforts and are prepared to manage them accordingly.

The incident does not yet appear on HHS’s public breach tool, and it is not yet clear whether patient data was accessed or acquired. Nor has the clinic revealed whether their files were encrypted at all.

DataBreaches.net will provide updates if more details become available.

Updated June 22:  AP has an update on this incident that states that the attack occurred on Feb. 8 and may have impacted as many as 500,000.  Neither HHS nor those impacted appear to have been notified yet.

Related posts:

  • Forbes Breach Email Statistics
  • TeamGhostShell posts “master list” of 548 leaks (so far)
  • A further 512 websites hacked and defaced by HaX.R00T
  • Wolfe Clinic notifies patients of Eye Care Leaders breach
Category: Breach IncidentsHealth Data

Post navigation

← Za: NCape municipality battles devastating ransomware attack
Four Individuals Plead Guilty to RICO Conspiracy Involving “Bulletproof Hosting” for Cybercriminals →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Texas Centers for Infectious Disease Associates Notifies Individuals of Data Breach in 2024
  • Battlefords Union Hospitals notifies patients of employee snooping in their records
  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.