DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Hit by Conti ransomware in October, Medical Healthcare Solutions now notifying clients’ patients (Update 1)

Posted on January 27, 2022 by Dissent

On January 21, Medical Healthcare Solutions issued a statement on its website about a ransomware attack, although they do not state that it was a ransomware attack. Nor do they identify the incident as an attack by Conti, but it was.

Medical Healthcare Solutions, Inc. (MHS), recently experienced a cyber-incident that impacted some protected health information (PHI) within its data network. MHS immediately shut down its data system, conducted an extensive investigation, notified law enforcement, and implemented additional security measures. On November 19, 2021, MHS discovered the unauthorized party may have removed files from its network. On January 8, 2022, MHS identified a final list of impacted PHI, and on January 21, 2022, sent notifications by mail to impacted individuals.

Some of the impacted information may have included: name, address, date of birth, sex, phone number, email address, Social Security number, driver’s license/state ID number, financial account number, routing number, payment card number, card CVV/expiration, diagnosis/treatment information, procedure type, provider name, prescription information, date of service, medical record number, patient account number, insurance ID number, insurance group number, claim number, insurance plan name, provider ID number, procedure code, treatment cost, and diagnosis code. MHS is issuing this notice on behalf of its clients, Harvard Medical Faculty Physicians at Beth Israel Deaconess Medical Center and Associated Physicians of Harvard Medical Faculty Physicians at Beth Israel Deaconess Medical Center.

The privacy and security of the personal information MHS maintains on behalf of its clients is of the utmost importance. MHS has established a dedicated assistance line for impacted individuals with questions or concerns at 855-675-3125, Monday through Friday, (except U.S. holidays), from 9 a.m. – 9 p.m., EST, or by mail at P.O. Box 3160, Andover, MA 01810-0803. In addition, MHS is offering impacted individuals up to 24 months of credit monitoring and identity protection services.

Notified individuals should take actions to help protect their information by remaining vigilant in reviewing their account and explanation of benefits statements and consider placing a fraud alert and/or security freeze on their accounts.

When did the attack occur, though, and when did the Massachusetts-headquartered MHS first discover it or should have discovered it?  Conti threat actors added MHS to their dedicated leak site on October 27, 2021, which means that the attack had happened before then, and Conti had presumably been unsuccessful by that time at getting MHS to pay them any ransom demands.

Although MHS’s website statement does not reveal when the initial attack occurred, a filing by MHS to the state reports that their investigation revealed that files had been exfiltrated from their network between October 1 and October 4.

So could they have discovered the breach in early October instead of November 19? And how did they discover it on November 19? Was it because of a ransom demand with proof of claim or because some journalist contacted them to inquire about Conti listing them on their leak site?  Or did they discover this through their own internal defenses?

On January 15, Conti leaked what they claim represents 95% of the files that they exfiltrated from the business associate.

Conti leaked data in parts
Image:DataBreaches.net

MHS’s statement does not disclose that data have been, and remain, freely available on both the dark web and clear net (Conti has a clearnet mirror). And while they offer those affected 24 months of mitigation services, DataBreaches.net continues to maintain that entities should inform people when they know that data has been leaked and is being circulated or shared.

Although the incident may have been reported to HHS by now, it does not yet appear on HHS’s public breach tool so we do not know the total number of patients reportedly impacted by this breach if MHS reports on behalf of their clients (some clients may choose to report on their own).

A notification with a template of MHS’s notice to individuals has been submitted to the Massachusetts Attorney General’s Office, however, and appears below.  As of the time of this publication, however, the incident has not been added to the state’s public list of breaches, so we do not know how many Massachusetts residents were impacted by this.

This post may be updated as more details become available.

Update 1: This incident was reported to Massachusetts on January 24, 2022 as impacting 118,417 Massachusetts residents. It has not yet shown up on HHS’s breach tool (they are only as current as Jan. 21 as of the time of this publication).

25854-MedicalHealthcareSolutions

Category: Breach IncidentsHealth DataMalwareSubcontractorU.S.

Post navigation

← Conti ransomware hits Apple, Tesla supplier
QNAP users angry after NAS drives are updated to combat DeadBolt ransomware →

1 thought on “Hit by Conti ransomware in October, Medical Healthcare Solutions now notifying clients’ patients (Update 1)”

  1. Österreicher says:
    January 28, 2022 at 9:59 am

    I received the letter, and I am downloading the stuff from Conti right now. Curious if I can find myself in there … Worst thing is, Beth Israel is still doing business with the MHS dorks. I just received another bill yesterday.

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Nova Scotia Power hit by cyberattack, critical infrastructure targeted, no outages reported
  • Georgia hospital defeats data-tracking lawsuit
  • 60K BTC Wallets Tied to LockBit Ransomware Gang Leaked
  • UK: Legal Aid Agency hit by cyber security incident
  • Public notice for individuals affected by an information security breach in the Social Services, Health Care and Rescue Services Division of Helsinki
  • PowerSchool paid a hacker’s extortion demand, but now school district clients are being extorted anyway (3)
  • Defending Against UNC3944: Cybercrime Hardening Guidance from the Frontlines
  • Call for Public Input: Essential Cybersecurity Protections for K-12 Schools (2025-26 SY)
  • Cyberattack puts healthcare on hold for hundreds in St. Louis metro
  • Europol: DDoS-for-hire empire brought down: Poland arrests 4 administrators, US seizes 9 domains

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Apple Siri Eavesdropping Payout Deadline Confirmed—How To Make A Claim
  • Privacy matters to Canadians – Privacy Commissioner of Canada marks Privacy Awareness Week with release of latest survey results
  • Missouri Clinic Must Give State AG Minor Trans Care Information
  • Georgia hospital defeats data-tracking lawsuit
  • No Postal Service Data Sharing to Deport Immigrants
  • DOGE aims to pool federal data, putting personal information at risk
  • Privacy concerns swirl around HHS plan to build Medicare, Medicaid database on autism

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.