DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Nonstop Health data and source code appear to have been leaked on hacking forum

Posted on February 3, 2023 by Dissent

Nonstop Health offers health insurance solutions to employers who have more than 50 employees receiving benefits. Headquartered in Concord, California, and Portland, Oregon, Nonstop Health has business associate agreements with its clients that covers protected health information.

On January 17 and 18, data and source code allegedly from Nonstop were leaked on two popular hacking-related forums.

Data allegedly from Nonstop Health leaked on a popular hacking forum.

Personal information leaked online included names, date of birth, postal address with state and zip code, personal email address, and Social Security numbers. For some records, cellphone number, employee status, job title, and annual salary were also included. Given the formatting of the sample data, the sample appears to have been drawn from a number of clients’ data and not just one. The full leak by the poster reportedly contains 43,532 lines and the data are reportedly from December, 2022.

The same data had been previously posted on a popular Russian-language forum with source code files:

The data allegedly from Nonstop also appeared on a popular Russian-language forum with source code.

Since January 19, DataBreaches has reached out to Nonstop Health on multiple occasions to ask them for a response to the leak or situation, but despite a few auto-replies acknowledging the inquiries and saying there would be a response in 24-48 hours, there has been no real response. On January 29, DataBreaches sent email inquiries to three individuals whose data appeared in the sample. Inquiries were sent to one of the forum listers on January 24 and January 29.

Because the forum user has not replied with any additional information, it is not yet clear or confirmed how access was gained to the data and whether the user tried to negotiate any ransom payment with Nonstop Health or not. Nor is it known yet whether Nonstop Health has notified any of its clients or their employees whose personal information appears to now be in an adversary’s hands.

DataBreaches will update this post if more information becomes available.

Updated June 2, 2023: In February, Nonstop notified Indiana that 796 patients were affected.  In March, Nonstop notified HHS that 8,571 patients had been affected, but it is not clear on whose behalf they were reporting. The same month, they notified the Maine Attorney General’s Office on behalf of Mat-Su Health Services,that 462 patients were affected. On May 26, Nonstop notified the California Attorney General’s Office of the breach on behalf of Eisner Health. The notification letter  dated February 15, 2023 made no mention that any data had already been leaked in January on at least two forums, noted above.

Category: Breach IncidentsU.S.

Post navigation

← FL: Tallahassee Memorial hospital victim of suspected ransomware attack
Bits ‘n Pieces (Trozos y Piezas) →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Rewards for Justice offers $10M reward for info on RedLine developer or RedLine’s use by foreign governments
  • New evidence links long-running hacking group to Indian government
  • Zaporizhzhia Cyber ​​Police Exposes Hacker Who Caused Millions in Losses to Victims by Mining Cryptocurrency
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Google: Hackers target Salesforce accounts in data extortion attacks
  • The US Grid Attack Looming on the Horizon
  • US govt login portal could be one cyberattack away from collapse, say auditors
  • Two Men Sentenced to Prison for Aggravated Identity Theft and Computer Hacking Crimes
  • 100,000 UK taxpayer accounts hit in £47m phishing attack on HMRC
  • CISA Alert: Updated Guidance on Play Ransomware

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act
  • 23andMe Bankruptcy Judge Ponders Trump Bill’s Injunction Impact
  • Hell No: The ODNI Wants to Make it Easier for the Government to Buy Your Data Without Warrant
  • US State Dept. says silence or anonymity on social media is suspicious

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.