DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

UAE: Moorfields Eye Hospital in Dubai sees more staff and patient data dumped

Posted on September 13, 2021 by Dissent

In August, threat actors calling themselves AvosLocker announced that they had attacked Moorfields NHS UK & Dubai. DataBreaches.net’s investigation at that point indicated that the data they provided as proof came from the Dubai hospital and did not involve any UK personnel or patients. In a statement to this site, Moorfields confirmed that there had been a breach but that it only impacted Dubai, and those Dubai patients who had some identity information stolen had been notified.

On September 1, the threat actors dumped the remainder of the data they had exfiltrated from the specialty eye hospital.

Screencap from AvosLocker Leak Site
Image: Redacted by DataBreaches.net

Inspection of the newest data dump reveals that a lot of the files concerned  business functions and personnel — resumes, credentials, and related personnel files. While Moorfields had previously indicated that they were contacting patients whose information may have been involved, they did not mention what they were doing about all the doctors and staff whose information was accessed, acquired, and now dumped.

While DataBreaches.net did not see any evidence that an EHR system had been acquired and dumped, the dumped data did include patient information.  As noted at the time of the first data dump, there were  spreadsheets for scheduling purposes that included patients’ names, time of appointment, ID number, diagnosis, tests run, and insurance information. But there were also other kinds of files containing patient information, and some were more detailed records with relevant medical history. DataBreaches.net also noted patient referral forms with personal and medical information on named patients.

A separate file contained more than 1,100 photocopies of patients’ passports.

And as is too often the case, some of the stolen files were old patient-related records. In this case, there were insurance billings for some patients, and billings to clients of the hospital in 2015 and 2016 such as a police department, an embassy, a major oil company, and an airline. The entities were billed for services provided to their named employees/patients. Other files were from even earlier years.

DataBreaches.net does not know the notification laws that would apply to this breach, although Dubai law appears to follow GDPR and incorporate some aspects of the CCPA.

DataBreaches.net sent an email inquiry to Moorfields yesterday to ask what they were doing in response to this latest dump, but has received no reply by the time of this publication. This post may be updated if a reply is received.

AvosLocker LogoPalo Alto Networks’ Unit 42 Blog has a recent write-up on AvosLocker, and SuspectFile has more on the new variant of the locker, .avos2.

 

Related posts:

  • Forbes Breach Email Statistics
  • Moorfields Eye Hospital investigating cyberattack on Dubai hospital, notifying patients
  • TeamGhostShell posts “master list” of 548 leaks (so far)
  • A further 512 websites hacked and defaced by HaX.R00T
Category: Breach IncidentsHealth DataMalwareNon-U.S.

Post navigation

← Technology giant Olympus hit by BlackMatter ransomware
Fitness Tracker Data Exposed 61 Million Records and User Data Online →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Battlefords Union Hospitals notifies patients of employee snooping in their records
  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked
  • Breaches have consequences (sometimes) (1)

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.