DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

UT: Astro Team threat actors dump patient-related files allegedly from Eduro Healthcare

Posted on May 18, 2021 by Dissent

Eduro Healthcare is a Salt Lake City, Utah based company providing transitional care, skilled nursing and rehabilitation services, and assisted living.

Eduro provides an email address to use for contact. Sadly, it does not work. Nor do they seem to respond to contact form messages. Or emails to their executives.

On April 7, a relatively new group of threat actors called Astro Team added Eduro Healthcare to their dedicated leak site, claiming to have exfiltrated 40 GB of data.  Astro Team’s ransomware has reportedly been linked to Mount Locker ransomware.

On April 23, Astro Team dumped all the data, presumably because Eduro failed to pay unspecified ransom demands. Whether Eduro ever responded at all is unknown to DataBreaches.net. Nor can DataBreaches.net report with confidence that Eduro’s system(s) were encrypted, but given what is known about Astro Team, it seems plausible.

Astro Team Listing for Eduro
IMAGE:DATABREACHES.NET

What this site can report with somewhat greater confidence, however, is that the data dumped includes what appears to protected health information (ePHI).  The following screencaps, taken by DataBreaches.net and redacted by DataBreaches.net,  show that there were files with EOBs (Explanation of Benefits) from health insurers. EOBs may include patient names, health insurance information, date of birth, diagnoses, and treatment codes, as well as dates of services and amounts.  Financial statements related to named patients for 2015-2018 were included in the dump, sorted by insurance carrier, as well as Medicaid audits and billing records.

Nursing Facillity Level of Care Form
IMAGE AND REDACTION: DATABREACHES.NET

In one folder alone, there were more than 8,000 scanned files relating to patient accounts or services and billing, including past due letters and attempts to locate patients whose accounts were unpaid.

DataBreaches.net did not attempt to calculate the number of unique patients, but noted that the data were old: 2015-2018 and there were numerous references to Rio at Cabezon.

Eduro Healthcare acquired Rio at Cabezon in May, 2018, and in its latest email inquiry to Eduro, DataBreaches.net asked whether it was possible a legacy server had been compromised. There was no answer.

No incident involving Eduro has appeared on HHS’s public breach tool, and there has been no mention of any breach on Eduro’s web site or Facebook page.

Based on the data dump, the files may have been exfiltrated on March 5, 2021, but even that is not definite. DataBreaches.net made no attempt to contact any patients at this point, hoping that Eduro will issue a statement.

So if this is eventually confirmed as a breach, when did Eduro first discover it? And what, if anything, have they done in response?

DataBreaches.net will update this post is a response is received. DataBreaches.net also reached out to the threat actors. Who knows? Maybe they’ll provide more details.

 

 

 


Related:

  • Two more entities have folded after ransomware attacks
  • Data breach feared after cyberattack on AMEOS hospitals in Germany
  • Microsoft Releases Urgent Patch for SharePoint RCE Flaw Exploited in Ongoing Cyber Attacks
  • Michigan ‘ATM jackpotting’: Florida men allegedly forced machines to dispense $107K
  • Premier Health Partners issues a press release about a breach two years ago. Why was this needed now?
  • Missouri Adopts New Data Breach Notice Law
Category: Breach IncidentsHealth DataU.S.

Post navigation

← D.C. police identify man who allegedly reposted data stolen from police computers
NC: Update to Allergy Partners ransomware incident →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Scattered Spider Hijacks VMware ESXi to Deploy Ransomware on Critical U.S. Infrastructure
  • Hacker group “Silent Crow” claims responsibility for cyberattack on Russia’s Aeroflot
  • AIIMS ORBO Portal Vulnerability Exposing Sensitive Organ Donor Data Discovered by Researcher
  • Two Data Breaches in Three Years: McKenzie Health
  • Scattered Spider is running a VMware ESXi hacking spree
  • BreachForums — the one that went offline in April — reappears with a new founder/owner
  • Fans React After NASCAR Confirms Ransomware Breach
  • Allianz Life says ‘majority’ of customers’ personal data stolen in cyberattack (1)
  • Infinite Services notifying employees and patients of limited ransomware attack
  • The safe place for women to talk wasn’t so safe: hackers leak 13,000 user photos and IDs from the Tea app

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Congress tries to outlaw AI that jacks up prices based on what it knows about you
  • Microsoft’s controversial Recall feature is now blocked by Brave and AdGuard
  • Trump Administration Issues AI Action Plan and Series of AI Executive Orders
  • Indonesia asked to reassess data privacy terms in new U.S. trade deal
  • Meta Denies Tracking Menstrual Data in Flo Health Privacy Trial
  • Wikipedia seeks to shield contributors from UK law targeting online anonymity
  • British government reportedlu set to back down on secret iCloud backdoor after US pressure

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.
Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report