DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Health Information Management vendor breach results in theft of patient info

Posted on June 30, 2022 by Dissent

Unauthorized access to a New Jersey Health Information Management (HIM) vendor’s portal has resulted in some patients’ protected health information being acquired and exfiltrated.

Earlier today, DataBreaches was contacted by someone known to this site as “DarkFox.”  DataBreaches has reported on DarkFox in the past without identifying them, but is identifying them this time by agreement.

According to information and screencaps provided exclusively to DataBreaches, DarkFox acquired and used login credentials to access the client portal for Clairsol Inc. Those credentials enabled DarkFox to access records from state-run medical facilities in New Jersey, including the Trenton Psychiatric Hospital, Ancora Psychiatric Hospital, Greystone Park Psychiatric Hospital and two other facilities.

 

Dictation records included patients’ ID numbers, first and last names, physician’s name, and nature of assessment or purpose. The pulldown menu in upper right corner shows the facilities the unauthorized individual claimed to be able to access. Redacted by DataBreaches.net

 

A spreadsheet with dictation work records from Trenton Psychiatric Hospital revealed patients’ names, ID numbers, physician names, purpose of assessment or appointment, and date of job. Redacted by DataBreaches.net.

Patient information in the second screencap above corresponded to data in the first screencap, but the spreadsheet contained more data — 4152 rows. The 4,152 rows do not represent unique patients, however, as there were multiple appointments or assessments for some patients.

On inquiry, DarkFox explained that they found the login credentials in plain text in a file on a computer they were scanning. DataBreaches does not know whether the computer belonged to a provider or an employee of Clairsol or some other individual. But DarkFox emphasized that the credentials were in plain text and that they provided access to Clairsol without any second factor or multi-factor authentication required.

“Just user and pass and bam in,” DarkFox told DataBreaches.

After quickly determining that the data appeared to both real and current, DataBreaches.net called Trenton Psychiatric Hospital. Asking the switchboard to be connected to cybersecurity for the hospital resulted in an actual person picking up the phone who not only immediately grasped the situation but escalated it immediately to their administrator who then called DataBreaches. As DataBreaches understands the situation, within minutes of our phone call, the administrator was instructing all of their providers not to use the portal until further notice.  This post will be updated when DataBreaches receives any update or follow-up from Trenton Psychiatric Hospital’s HIM administrator.

Yet Another Transcription Service Also Compromised?

At about the same time DarkFox was giving DataBreaches info on the Clairsol breach, they also posted other credentials on a popular hacking forum. In their post, they provided a New Jersey Department of Health & Services login to the client login portal for Transriter. Those login credentials had not been used since 2019, according to DarkFox, but still worked. DataBreaches was able to determine that the provider associated with those credentials had been a psychiatrist associated with the state hospital.

Although the credentials were no longer used, it appears that they were never disabled by Transriter. Patient records that DarkFox was able to access were uploaded to the forum where they were made freely available to everyone.

Coincidentally — or perhaps not — Transriter™ is a medical transcription and document platform that is built, owned and supported exclusively by Diskriter.

If the name Diskriter seems familiar, it may be because last week, DataBreaches reported that Diskriter had been hit by the Hive ransomware group on June 8.

Doing the Right Thing

Although DarkFox posted some sensitive Transriter data on a forum, and although they had acquired sensitive information on patients via the Clairsol portal, they did not post the login to Clairsol or leak any patient data from the Clairsol portal.

To DarkFox’s credit, after communicating with DataBreaches, they agreed not to leak the Clairsol data at all.

The fact that the data are not being leaked publicly is a relief, but it does not negate the covered entity’s obligation to evaluate whether this was a reportable breach under HIPAA, and if so, to make the required notifications. DataBreaches would think that notifications are required because protected health information wound up in unauthorized individuals’ hands.

But apart from the notification issue, it appears two HIMs have recently been compromised: Diskriter and Clairsol. Diskriter allegedly had 160 GB of data stolen, and their server(s) encrypted. Clairsol had a very limited amount of data exfiltrated but had no MFA on its client login portal. This might be a good reminder for covered entities to audit or review the security protocols their HIM vendors have in place.

 


Related:

  • Qantas obtains injunction to prevent hacked data’s release
  • Ransomware attack disrupts Korea's largest guarantee insurer
  • Theft from Glasgow’s Queen Elizabeth University Hospital sparks probe
  • Global operation targets NoName057(16) pro-Russian cybercrime network in Operation Eastwood
  • More than 100 British government personnel exposed by Ministry of Defence data leak
  • New TeleMessage SGNL Flaw Is Actively Being Exploited by Attackers
Category: Breach IncidentsHackHealth DataU.S.

Post navigation

← District heating network in Elbląg attacked by hackers. Some customer data has been lost
Norway hit with cyberattack, temporarily suspending service →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Government will ‘robustly defend’ compensation claims from Afghans put at risk by data breach
  • Authorities released free decryptor for Phobos and 8base ransomware
  • Singapore Facing ‘Serious’ Cyberattack by Espionage Group With Alleged China Ties
  • Missouri Adopts New Data Breach Notice Law
  • Qantas obtains injunction to prevent hacked data’s release
  • Ransomware attack disrupts Korea’s largest guarantee insurer
  • Theft from Glasgow’s Queen Elizabeth University Hospital sparks probe
  • Global operation targets NoName057(16) pro-Russian cybercrime network in Operation Eastwood
  • More than 100 British government personnel exposed by Ministry of Defence data leak
  • New TeleMessage SGNL Flaw Is Actively Being Exploited by Attackers

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • 𝐔𝐠𝐚𝐧𝐝𝐚 𝐨𝐫𝐝𝐞𝐫𝐬 𝐆𝐨𝐨𝐠𝐥𝐞 𝐭𝐨 𝐫𝐞𝐠𝐢𝐬𝐭𝐞𝐫 𝐚𝐬 𝐚 𝐝𝐚𝐭𝐚‑𝐜𝐨𝐧𝐭𝐫𝐨𝐥𝐥𝐞𝐫 𝐰𝐢𝐭𝐡𝐢𝐧 𝟑𝟎 𝐝𝐚𝐲𝐬 𝐚𝐟𝐭𝐞𝐫 𝐥𝐚𝐧𝐝𝐦𝐚𝐫𝐤 𝐩𝐫𝐢𝐯𝐚𝐜𝐲 𝐫𝐮𝐥𝐢𝐧𝐠.
  • Meta investors, Zuckerberg reach settlement to end $8 billion trial over Facebook privacy violations
  • ICE is gaining access to trove of Medicaid records, adding new peril for immigrants
  • Microsoft can’t protect French data from US government access
  • Texas Enacts Electronic Health Record Data Localization Law
  • Upstate NY county clerk again refuses to enforce Texas abortion judgment
  • Attorney General James Leads Coalition Urging Congress to Protect Americans from Masked ICE Agents

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.