DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

WA: Sea Mar Community Health Centers discloses breach that began last year

Posted on October 30, 2021 by Dissent

Sea Mar Community Health Centers in Washington state is a community-based organization that describes itself as being committed to providing quality and comprehensive health, human, housing, educational and cultural services to diverse communities, specializing in service to Latinos in Washington state.

On some exact date that is unknown to DataBreaches.net, threat actors gained access to Sea Mar’s network and exfiltrated what they claimed was 3 TB of data. The incident was posted on Marketo’s leaked data site in June. In Sea Mar’s case, Marketo claimed to have 201 bids for their data back in July.

Listing on Dark Web Site
July listing on Marketo’s site.  The Marketo leak site is not online at this time. 

As they did with all of their listings, Marketo uploaded a small proof of claims archive of files.  It contained a few photos of identified pediatric dental patients. Each one held a sign with their name, date of birth, and date of photo.  There were also a few insurance-related forms with patient information.

The proof pack appeared to be only files from 2013, and  DataBreaches.net requested some proof of more recent data, but never really saw any, although Marketo claims that they had data that was as current as 2020.

Sea Mar did not respond to inquiries sent to it on June 24 about the attack and listing on Marketo.  Nor did it respond to requests sent to it via its web site on July 21 and via Twitter DM on July 21 or a fourth request sent on July 28.

This week, Sea Mar issued a notice about the incident. Notice when Sea Mar said they were informed in the notice below. In their notice, they write:

On June 24, 2021, Sea Mar was informed that certain Sea Mar data had been copied from its digital environment by an unauthorized actor. Upon receipt of this information, Sea Mar immediately took steps to secure its environment and commenced an investigation to determine what happened and to identify the specific information that may have been impacted. In so doing, Sea Mar engaged leading, independent cybersecurity experts for assistance. As a result, Sea Mar learned that additional data may have been copied from its digital environment between December 2020 and March 2021. Sea Mar thereafter began collecting contact information needed to provide notice to potentially affected individuals, which was completed on August 30, 2021.

The data types involved included:

name, address, Social Security number, date of birth, client identification number, medical / vision / dental / orthodontic diagnostic and treatment information, medical / vision / dental insurance information, claims information, and / or images associated with dental treatment.

So protected health information was in the hands of criminals since last December, and people are first finding out now.

Sea Mar does not appear to be telling those notified that some data was dumped on the dark web and clearnet and other data was up for sale or bidding. Marketo’s site seems to be down at this time. If it reopens, will Sea Mar data be dumped or sold? And what will Sea Mar do then in terms of notification?  This incident has not appeared on HHS’s breach tool by the time of this posting.

Updated Nov. 6, 2021:  This incident showed up on the Maine Attorney General’s site as impacting 651,500. Their external counsel reported that the breach was discovered on August 30, 2021.  Well, we know that’s not quite accurate if “discovered” means when they first learned there had been a breach of their system — that was already pretty clear in June and their letter to the state admits that they were informed on June 24 that data had been removed.

The incident has not yet shown up on HHS’s breach tool.  Marketo’s leak site is online.

 

Category: Breach IncidentsHackHealth Data

Post navigation

← Ca: Toronto Transit Commission says investigation underway amid ransomware attack
‘Black Shadow’ hackers leak data from Israeli LGBT app →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Almost one year later, U.S. Dermatology Partners is still not being very transparent about their 2024 breach
  • Oklahoma Expands its Security Breach Notification Law
  • Ransomware group Gunra claims to have exfiltrated 450 million patient records from American Hospital Dubai.
  • North Shore University Sleep Disorders Center employee charged with secretly recording patients in restrooms
  • When ransomware listings create confusion as to who the victim was
  • Rajkot civic body’s GIS website hit by cyber attack, over 400 GB data feared stolen
  • Taiwan’s BitoPro hit by NT$345 million cryptocurrency hack
  • Texas gastroenterology and surgical practice victim of ransomware attack
  • Romanian Citizen Pleads Guilty to ‘Swatting’ Numerous Members of Congress, Churches, and Former U.S. President
  • North Dakota Enacts Financial Data Security and Data Breach Notification Requirements

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Florida ban on kids using social media likely unconstitutional, judge rules
  • State Data Minimization Laws Spark Compliance Uncertainty
  • Supreme Court Agrees to Clarify Emergency Situations Where Police Don’t Need Warrant
  • Stewart Baker vs. Orin Kerr on “The Digital Fourth Amendment”
  • Fears Grow Over ICE’s Reach Into Schools
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • She Got an Abortion. So A Texas Cop Used 83,000 Cameras to Track Her Down.

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.