DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

WA: Sea Mar Community Health Centers discloses breach that began last year

Posted on October 30, 2021 by Dissent

Sea Mar Community Health Centers in Washington state is a community-based organization that describes itself as being committed to providing quality and comprehensive health, human, housing, educational and cultural services to diverse communities, specializing in service to Latinos in Washington state.

On some exact date that is unknown to DataBreaches.net, threat actors gained access to Sea Mar’s network and exfiltrated what they claimed was 3 TB of data. The incident was posted on Marketo’s leaked data site in June. In Sea Mar’s case, Marketo claimed to have 201 bids for their data back in July.

Listing on Dark Web Site
July listing on Marketo’s site.  The Marketo leak site is not online at this time. 

As they did with all of their listings, Marketo uploaded a small proof of claims archive of files.  It contained a few photos of identified pediatric dental patients. Each one held a sign with their name, date of birth, and date of photo.  There were also a few insurance-related forms with patient information.

The proof pack appeared to be only files from 2013, and  DataBreaches.net requested some proof of more recent data, but never really saw any, although Marketo claims that they had data that was as current as 2020.

Sea Mar did not respond to inquiries sent to it on June 24 about the attack and listing on Marketo.  Nor did it respond to requests sent to it via its web site on July 21 and via Twitter DM on July 21 or a fourth request sent on July 28.

This week, Sea Mar issued a notice about the incident. Notice when Sea Mar said they were informed in the notice below. In their notice, they write:

On June 24, 2021, Sea Mar was informed that certain Sea Mar data had been copied from its digital environment by an unauthorized actor. Upon receipt of this information, Sea Mar immediately took steps to secure its environment and commenced an investigation to determine what happened and to identify the specific information that may have been impacted. In so doing, Sea Mar engaged leading, independent cybersecurity experts for assistance. As a result, Sea Mar learned that additional data may have been copied from its digital environment between December 2020 and March 2021. Sea Mar thereafter began collecting contact information needed to provide notice to potentially affected individuals, which was completed on August 30, 2021.

The data types involved included:

name, address, Social Security number, date of birth, client identification number, medical / vision / dental / orthodontic diagnostic and treatment information, medical / vision / dental insurance information, claims information, and / or images associated with dental treatment.

So protected health information was in the hands of criminals since last December, and people are first finding out now.

Sea Mar does not appear to be telling those notified that some data was dumped on the dark web and clearnet and other data was up for sale or bidding. Marketo’s site seems to be down at this time. If it reopens, will Sea Mar data be dumped or sold? And what will Sea Mar do then in terms of notification?  This incident has not appeared on HHS’s breach tool by the time of this posting.

Updated Nov. 6, 2021:  This incident showed up on the Maine Attorney General’s site as impacting 651,500. Their external counsel reported that the breach was discovered on August 30, 2021.  Well, we know that’s not quite accurate if “discovered” means when they first learned there had been a breach of their system — that was already pretty clear in June and their letter to the state admits that they were informed on June 24 that data had been removed.

The incident has not yet shown up on HHS’s breach tool.  Marketo’s leak site is online.

 

Related posts:

  • Would Sea Mar Community Health even know about large patient data dumps if not for DataBreaches.net?
  • Sea Mar Community Health Centers Hit with Class Action Suits Over 2021 Data Breach
  • A data breach that put 688,000 patients at risk just became … even worse
  • Yet more data from the Sea Mar Community Health Center data breach appears on the internet
Category: Breach IncidentsHackHealth Data

Post navigation

← Ca: Toronto Transit Commission says investigation underway amid ransomware attack
‘Black Shadow’ hackers leak data from Israeli LGBT app →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked
  • Breaches have consequences (sometimes) (1)
  • Kansas City Man Pleads Guilty for Hacking a Non-Profit
  • British national “IntelBroker” charged with causing $25 million in damages; U.S. seeks his extradition from France
  • France issues press statement about arrest of ShinyHunters members
  • Patients Allege Home Delivery Pharmacy Failed to Timely Notify Them of Data Breach
  • Hackers breach Norwegian dam, open valve at full capacity

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions
  • NY Attorney General James Affirms Hospitals Must Provide Access to Emergency Abortion Care
  • How Internet of Things devices affect your privacy – even when they’re not yours
  • Sky Views Personal Data as a Potential Weapon in IPTV Piracy War
  • Florida Used a Nationwide Surveillance Camera Network 250 Times To Aid in Immigration Arrests
  • Federal Court Strikes Down HIPAA Reproductive Health Care Privacy Rule

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.