On January 17, BlackCat (aka ALPHV) added NextGen to their leak site.
On January 19, DataBreaches sent an email inquiry to NextGen asking when they were attacked, whether files had been encrypted, and whether any employee data or patient data had been accessed or exfiltrated.
NextGen responded promptly and then sent the following statement:
NextGen Healthcare is aware of this claim and we have been working with leading cybersecurity experts to investigate and remediate. We immediately contained the threat, secured our network, and have returned to normal operations. Our forensic review is ongoing and, to date, we have not uncovered any evidence of access to or exfiltration of client data. The privacy and security of our client information is of the utmost importance to us.
Their statement was silent about whether they have any evidence that employee data or any patient data had been accessed, locked, and/or exfiltrated.
On January 20, DataBreaches reached out to BlackCat to ask if they would be willing to provide any proof that they had actually accessed or exfiltrated any of NextGen’s client data. Their spokesperson on Tox, “Admin,” responded that they do not disclose information about their companies, adding:
Companies do not want these cases to be known by three people.
Sorry, can’t help you.
We can provide data and all information if the company does not pay us.
Whether DataBreaches’ inquiries to NextGen and BlackCat had any effect is unknown to DataBreaches, but when BlackCat’s site was checked today, NextGen’s listing could no longer be found.
Is it down for updating or is it down because of negotiations or for some other reason? DataBreaches does not know but will continue monitoring the site and situation.