DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Medical billing service in Florida one of the latest victims of ransomware attacks

Posted on September 2, 2022 by Dissent

Add NCG Medical to business associates who a ransomware attack has compromised. The medical billing service in Florida was added to the Hive ransomware group’s leak site on August 31, with Hive claiming that they encrypted NCG’s files on August 19.

The 12-day gap between encryption and publicly revealing the attack is a relatively short time frame. Many ransomware groups, including Hive, often give victims longer to respond to them or try to negotiate with them before going public. In response to an inquiry from DataBreaches, a Hive spokesperson indicated that NCG never responded to them at all, which may help explain why the attack has been disclosed so quickly.

Unlike some ransomware groups that offer “proof packs” or a handful of files as proof that they had access to their target’s server, Hive tends to dump a lot of data. The NCG incident is no exception. DataBreaches is still investigating the data that have been dumped so far but can see that it includes information on NCG’s clients who are covered entities under HIPAA. The files also include records of insurance-coded submissions for named patients with information on their diagnoses. One small archive alone had almost 10,000 coded records on named patients. DataBreaches is not even providing redacted screencaps at this point lest sensitive information accidentally be left unredacted.

To put it gently, NCG appears to have a lot to do to figure out who needs to be notified, how to notify them (addresses), and what data types were involved. Whether they will be notifying patients or the covered entities (their clients) will be a function of their business associate agreement with each client.

Although DataBreaches reached out to NCG, no reply was received, which is not surprising given it has been less than two weeks since they likely became aware of the attack and they have a lot to assess and respond to. DataBreaches does not know if they have backups or if the encryption of their files has impacted their functioning.

In addition to what the revealed on their leak site, Hive provided DataBreaches with some additional information, including what they wrote to NCG. In part, their message read,:

! ! ! DO NOT TRY TO DECRYPT OR CHANGE ENCRYPTED FILES ON YOUR COMPUTERS, IT WILL COMPLETELY DESTROY THEM ! ! !

Ladies and gentlemen! Attention, please!

We infiltrated your network and stayed there for 12 days (it was enough to
study all your documentation and gain access to your files and services),
encrypted your servers.

Downloaded most important information with a total size over 270 GB

Few details about information we have downloaded:

– medical records from your clients clinics and practicies (patient name,
address, gender, SSN, diagnosis included)
– company private info (budgets, plans, taxes, etc.)
– clients company info (contracts, payrolls, slips, deposits, etc.)
– software source codes (PerfectCareEHR, billing services)
– SQL databases backups with reports, business data, customers data, etc.
– approximate number of personal records stolen including addresses and
ssn’s data is above 50000 units

From Hive’s claims, it sounds like they got 270 GB of data, much of which is protected health information.

DataBreaches will continue to monitor reports on this incident and will update as appropriate.

Category: Breach IncidentsHealth DataHIPAAMalwareOf NoteSubcontractor

Post navigation

← ‘I think Indonesia’s cybersecurity is run by 14-year olds’: Hackers
Customer data from hundreds of Indonesian and Malaysian restaurants hacked by DESORDEN →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • School Districts Unaware BoardDocs Software Published Their Private Files
  • A guilty plea in the PowerSchool case still leaves unanswered questions
  • Brussels Parliament hit by cyber-attack
  • Sweden under cyberattack: Prime minister sounds the alarm
  • Former CIA Analyst Sentenced to Over Three Years in Prison for Unlawfully Transmitting Top Secret National Defense Information
  • FIN6 cybercriminals pose as job seekers on LinkedIn to hack recruiters
  • Dutch police identify users on Cracked.io
  • Help, please: Seeking copies of the PowerSchool ransom email(s)
  • RCMP thumb drive with informant, witness data obtained by criminals: watchdog
  • Evoke Wellness to Pay $1.9 Million to Settle FTC Claims That They Misled Consumers Seeking Substance Use Disorder Treatment

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Rules Proposed Under New Jersey Data Privacy Act
  • Using facial recognition? Three recent articles of interest.
  • India publishes consent management rules under Digital Personal Data Protection Act
  • Republicans Move A Step Closer To Repealing Protections For Abortion Clinics
  • Democrats introduce bill that aims to protect reproductive health data
  • Don’t Mind If I Do: Montana Says Hands Off Neural Data
  • 23andMe leadership grilled by lawmakers demanding answers about data security amid bankruptcy sale

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.