DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Hit by Conti ransomware in October, Medical Healthcare Solutions now notifying clients’ patients (Update 1)

Posted on January 27, 2022 by Dissent

On January 21, Medical Healthcare Solutions issued a statement on its website about a ransomware attack, although they do not state that it was a ransomware attack. Nor do they identify the incident as an attack by Conti, but it was.

Medical Healthcare Solutions, Inc. (MHS), recently experienced a cyber-incident that impacted some protected health information (PHI) within its data network. MHS immediately shut down its data system, conducted an extensive investigation, notified law enforcement, and implemented additional security measures. On November 19, 2021, MHS discovered the unauthorized party may have removed files from its network. On January 8, 2022, MHS identified a final list of impacted PHI, and on January 21, 2022, sent notifications by mail to impacted individuals.

Some of the impacted information may have included: name, address, date of birth, sex, phone number, email address, Social Security number, driver’s license/state ID number, financial account number, routing number, payment card number, card CVV/expiration, diagnosis/treatment information, procedure type, provider name, prescription information, date of service, medical record number, patient account number, insurance ID number, insurance group number, claim number, insurance plan name, provider ID number, procedure code, treatment cost, and diagnosis code. MHS is issuing this notice on behalf of its clients, Harvard Medical Faculty Physicians at Beth Israel Deaconess Medical Center and Associated Physicians of Harvard Medical Faculty Physicians at Beth Israel Deaconess Medical Center.

The privacy and security of the personal information MHS maintains on behalf of its clients is of the utmost importance. MHS has established a dedicated assistance line for impacted individuals with questions or concerns at 855-675-3125, Monday through Friday, (except U.S. holidays), from 9 a.m. – 9 p.m., EST, or by mail at P.O. Box 3160, Andover, MA 01810-0803. In addition, MHS is offering impacted individuals up to 24 months of credit monitoring and identity protection services.

Notified individuals should take actions to help protect their information by remaining vigilant in reviewing their account and explanation of benefits statements and consider placing a fraud alert and/or security freeze on their accounts.

When did the attack occur, though, and when did the Massachusetts-headquartered MHS first discover it or should have discovered it?  Conti threat actors added MHS to their dedicated leak site on October 27, 2021, which means that the attack had happened before then, and Conti had presumably been unsuccessful by that time at getting MHS to pay them any ransom demands.

Although MHS’s website statement does not reveal when the initial attack occurred, a filing by MHS to the state reports that their investigation revealed that files had been exfiltrated from their network between October 1 and October 4.

So could they have discovered the breach in early October instead of November 19? And how did they discover it on November 19? Was it because of a ransom demand with proof of claim or because some journalist contacted them to inquire about Conti listing them on their leak site?  Or did they discover this through their own internal defenses?

On January 15, Conti leaked what they claim represents 95% of the files that they exfiltrated from the business associate.

Conti leaked data in parts
Image:DataBreaches.net

MHS’s statement does not disclose that data have been, and remain, freely available on both the dark web and clear net (Conti has a clearnet mirror). And while they offer those affected 24 months of mitigation services, DataBreaches.net continues to maintain that entities should inform people when they know that data has been leaked and is being circulated or shared.

Although the incident may have been reported to HHS by now, it does not yet appear on HHS’s public breach tool so we do not know the total number of patients reportedly impacted by this breach if MHS reports on behalf of their clients (some clients may choose to report on their own).

A notification with a template of MHS’s notice to individuals has been submitted to the Massachusetts Attorney General’s Office, however, and appears below.  As of the time of this publication, however, the incident has not been added to the state’s public list of breaches, so we do not know how many Massachusetts residents were impacted by this.

This post may be updated as more details become available.

Update 1: This incident was reported to Massachusetts on January 24, 2022 as impacting 118,417 Massachusetts residents. It has not yet shown up on HHS’s breach tool (they are only as current as Jan. 21 as of the time of this publication).

25854-MedicalHealthcareSolutions

Category: Breach IncidentsHealth DataMalwareSubcontractorU.S.

Post navigation

← Conti ransomware hits Apple, Tesla supplier
QNAP users angry after NAS drives are updated to combat DeadBolt ransomware →

1 thought on “Hit by Conti ransomware in October, Medical Healthcare Solutions now notifying clients’ patients (Update 1)”

  1. Österreicher says:
    January 28, 2022 at 9:59 am

    I received the letter, and I am downloading the stuff from Conti right now. Curious if I can find myself in there … Worst thing is, Beth Israel is still doing business with the MHS dorks. I just received another bill yesterday.

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Possible ransomware attack disrupts Maine and New Hampshire Covenant Health locations
  • HHS OCR Settles HIPAA Security Rule Investigation of BayCare Health System for $800k and Corrective Action Plan
  • UK: Two NHS trusts hit by cyberattack that exploited Ivanti flaw
  • Update: ALN Medical Management’s Data Breach Total Soars to More than 1.8 Million Patients Affected
  • Russian-linked hackers target UK Defense Ministry while posing as journalists
  • Banks Want SEC to Rescind Cyberattack Disclosure Requirements
  • MathWorks, Creator of MATLAB, Confirms Ransomware Attack
  • Russian hospital programmer gets 14 years for leaking soldier data to Ukraine
  • MSCS board renews contract with PowerSchool while suing them
  • Iranian Man Pleaded Guilty to Role in Robbinhood Ransomware

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Home Pregnancy Test Company Wins Dismissal of Pixel Wiretapping Suit
  • The CCPA emerges as a new legal battleground for web tracking litigation
  • U.S. Spy Agencies Are Getting a One-Stop Shop to Buy Your Most Sensitive Personal Data
  • Period Tracking App Users Win Class Status in Google, Meta Suit
  • AI: the Italian Supervisory Authority fines Luka, the U.S. company behind chatbot “Replika,” 5 Million €
  • D.C. Federal Court Rules Termination of Democrat PCLOB Members Is Unlawful
  • Meta may continue to train AI with user data, German court says

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.