DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Medical billing service in Florida one of the latest victims of ransomware attacks

Posted on September 2, 2022 by Dissent

Add NCG Medical to business associates who a ransomware attack has compromised. The medical billing service in Florida was added to the Hive ransomware group’s leak site on August 31, with Hive claiming that they encrypted NCG’s files on August 19.

The 12-day gap between encryption and publicly revealing the attack is a relatively short time frame. Many ransomware groups, including Hive, often give victims longer to respond to them or try to negotiate with them before going public. In response to an inquiry from DataBreaches, a Hive spokesperson indicated that NCG never responded to them at all, which may help explain why the attack has been disclosed so quickly.

Unlike some ransomware groups that offer “proof packs” or a handful of files as proof that they had access to their target’s server, Hive tends to dump a lot of data. The NCG incident is no exception. DataBreaches is still investigating the data that have been dumped so far but can see that it includes information on NCG’s clients who are covered entities under HIPAA. The files also include records of insurance-coded submissions for named patients with information on their diagnoses. One small archive alone had almost 10,000 coded records on named patients. DataBreaches is not even providing redacted screencaps at this point lest sensitive information accidentally be left unredacted.

To put it gently, NCG appears to have a lot to do to figure out who needs to be notified, how to notify them (addresses), and what data types were involved. Whether they will be notifying patients or the covered entities (their clients) will be a function of their business associate agreement with each client.

Although DataBreaches reached out to NCG, no reply was received, which is not surprising given it has been less than two weeks since they likely became aware of the attack and they have a lot to assess and respond to. DataBreaches does not know if they have backups or if the encryption of their files has impacted their functioning.

In addition to what the revealed on their leak site, Hive provided DataBreaches with some additional information, including what they wrote to NCG. In part, their message read,:

! ! ! DO NOT TRY TO DECRYPT OR CHANGE ENCRYPTED FILES ON YOUR COMPUTERS, IT WILL COMPLETELY DESTROY THEM ! ! !

Ladies and gentlemen! Attention, please!

We infiltrated your network and stayed there for 12 days (it was enough to
study all your documentation and gain access to your files and services),
encrypted your servers.

Downloaded most important information with a total size over 270 GB

Few details about information we have downloaded:

– medical records from your clients clinics and practicies (patient name,
address, gender, SSN, diagnosis included)
– company private info (budgets, plans, taxes, etc.)
– clients company info (contracts, payrolls, slips, deposits, etc.)
– software source codes (PerfectCareEHR, billing services)
– SQL databases backups with reports, business data, customers data, etc.
– approximate number of personal records stolen including addresses and
ssn’s data is above 50000 units

From Hive’s claims, it sounds like they got 270 GB of data, much of which is protected health information.

DataBreaches will continue to monitor reports on this incident and will update as appropriate.

Category: Breach IncidentsHealth DataHIPAAMalwareOf NoteSubcontractor

Post navigation

← ‘I think Indonesia’s cybersecurity is run by 14-year olds’: Hackers
Customer data from hundreds of Indonesian and Malaysian restaurants hacked by DESORDEN →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Evoke Wellness to Pay $1.9 Million to Settle FTC Claims That They Misled Consumers Seeking Substance Use Disorder Treatment
  • Former Hilliard treatment center employee accused of selling patient data on dark web
  • Trump Rewrites Cybersecurity Policy in Executive Order
  • AMI Group – Travel & Tours notice of ransomware attack
  • Resource: Insider Threat reports
  • Za: Cyber extortionist sentenced to eight years in jail
  • ICE takes steps to deport the Australian hacker known as “DR32”
  • Hearing on the Federal Government and AI
  • Nigerian National Sentenced To More Than Five Years For Hacking, Fraud, And Identity Theft Scheme
  • Data breach of patient info ends in firing of Miami hospital employee

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Privacy Victory! Judge Grants Preliminary Injunction in OPM/DOGE Lawsuit
  • The Decision That Murdered Privacy
  • Hearing on the Federal Government and AI
  • California county accused of using drones to spy on residents
  • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Malaysia enacts data sharing rules for public sector

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.