DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

IA: Wolfe Eye Clinic victim of Lorenz threat actors

Posted on May 7, 2021 by Dissent

There is no notice of any cyberattack on the web site of Wolfe Eye Clinic in Iowa, but the clinic has been investigating and addressing an alleged attack for more than one month now while patient care continues at their multiple locations.

On April 1, threat actors known as Lorenz added the clinic to its relatively new dedicated leak site. Unlike some other dedicated leak sites that appear to just dump data to pressure victims into paying extortion demands, Lorenz has offered downloads for which interested parties — or the victim — can buy the key to open. The threat actors also seem to be offering to sell access to the clinic’s internal network.

Lorenz lists Wolfe Clinc files for sale
Image: DataBreaches.net

Lorenz did not post any proof of claim for Wolfe Clinic that can be accessed without a key or password, but it is possible to download the archives and see what contents are listed, as the redacted partial screencap below illustrates:

Some of the files uploaded by Lorenz
Image: Partial screencap, redacted by DataBreaches.net

DataBreaches.net reached out to Wolfe Clinic, who provided the following statement:

The Wolfe Eye Clinic is aware of targeted efforts to access data on its systems. We are currently working with a team of forensic experts to fully understand the extent and implications of these incidents, which includes an earlier  email phishing attempt.

While these types of situations have become all too common with health care providers nationwide, we recognize the significance of these events and quickly took the appropriate steps to address them once we became aware of their occurrence. Our comprehensive assessment is ongoing and may span a few more weeks. We are committed to sharing more information when it becomes available.

Wolfe Eye Clinic’s systems are fully operational, and our team has continued to provide high-quality patient care the entire time, whether it be an exam or surgical procedure. Likewise, we remain diligent against further intrusion efforts and are prepared to manage them accordingly.

The incident does not yet appear on HHS’s public breach tool, and it is not yet clear whether patient data was accessed or acquired. Nor has the clinic revealed whether their files were encrypted at all.

DataBreaches.net will provide updates if more details become available.

Updated June 22:  AP has an update on this incident that states that the attack occurred on Feb. 8 and may have impacted as many as 500,000.  Neither HHS nor those impacted appear to have been notified yet.

Category: Breach IncidentsHealth Data

Post navigation

← Za: NCape municipality battles devastating ransomware attack
Four Individuals Plead Guilty to RICO Conspiracy Involving “Bulletproof Hosting” for Cybercriminals →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Plastic surgeons often store nude photos of patients with their identity information. When would we call that “negligent?”
  • India: Servers of two city hospitals hacked; police register FIR
  • Ph: Coop Hospital confirms probe into reported cyberattack
  • Slapped wrists for Financial Conduct Authority staff who emailed work data home
  • School Districts Unaware BoardDocs Software Published Their Private Files
  • A guilty plea in the PowerSchool case still leaves unanswered questions
  • Brussels Parliament hit by cyber-attack
  • Sweden under cyberattack: Prime minister sounds the alarm
  • Former CIA Analyst Sentenced to Over Three Years in Prison for Unlawfully Transmitting Top Secret National Defense Information
  • FIN6 cybercriminals pose as job seekers on LinkedIn to hack recruiters

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Anne Wojcicki Wins Bidding for 23andMe
  • Would you — or wouldn’t you?
  • New York passes a bill to prevent AI-fueled disasters
  • Synthetic Data and the Illusion of Privacy: Legal Risks of Using De-Identified AI Training Sets
  • States sue to block the sale of genetic data collected by DNA testing company 23andMe
  • AI tools collect and store data about you from all your devices – here’s how to be aware of what you’re revealing
  • 23andMe Privacy Ombudsman Urges User Consent Pre-Data Sale

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.