DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Nine months after ransomware attack, Atlantic Dialysis Management Services notifies patients and regulators

Posted on March 30, 2023 by Dissent

In August 2022, DataBreaches reported a ransomware attack on Atlantic Dialysis Management Services (ADMS) by Snatch Team. DataBreaches first learned of the breach in June 2022, when Snatch Team named ADMS on their leak site. Between then and August 16, when DataBreaches reported on the incident, ADMS ignored requests from this site for information about their response to the attack. Even after Snatch Team started leaking data and DataBreaches contacted ADMS again, they did not reply.  DataBreaches’ reporting in August 2022 included examples of what had been leaked by then and questioned some of the claims ADMS made in their press release of August 5. DataBreaches reported, in part:

Nowhere does ADMS’s statement of August 5 indicate that there was an extortion attempt in connection with this incident, that some data had already been leaked on the internet, and that more might be leaked.

On January 15, 2023, Snatch Team leaked 39 GB of files from ADMS. As of today, there appear to have been 62 downloads of data that includes personal and protected health information.

Listing on Snatch Team Created: Jun 3, 2022 01:14 AMUpdated: Jan 15, 2023 08:18 PM There are six screencaps of files (redacted by DataBreaches) and a link to download 39 GB of data.
Snatch Team’s listing for ADMS was last updated in January 2023 to leak 39 GB of files for free download.

ADMS’s notice of August 5 is still available on their website and has not been updated, even months after 39 GB of files were dumped. Their website notice still does not tell people that their personal and protected health information was exfiltrated and dumped on the internet.

Their letter to patients, a copy of which was submitted to the Massachusetts Attorney General’s Office, begins:

Atlantic Dialysis Management Services, LLC (“ADMS”) writes to notify you of a recent incident that may impact some of your personal information described below. We take the privacy of information in our care seriously. At this time, there is no indication that any information has been misused. However, ADMS is providing this notification to you out of an abundance of caution and so that you
may take steps to safeguard your information if you feel is it necessary to do so.

What We Are Doing:
ADMS has taken every step necessary to address the incident and is committed to fully protecting all of the information entrusted to us.

Every step necessary except notifying people last year after they first became aware of a breach? Every step necessary except fully disclosing to patients that their data is on the clearnet and dark web and available for download?

This week, ADMS notified HHS of the incident as a business associate. They filed 14 reports on March 21 and March 22 (although one might be in error as a duplicate).

For the 13 reports filed with HHS on March 22, a total of 16,121 patients were reportedly affected. That number is not necessarily the total number of patients affected if some covered entities decided to do their own notifications.

DataBreaches is not posting screencaps from the 39 GB data dump at this time but continues to be concerned when entities do not fully disclose to patients when their personal and protected health information has not only been stolen but leaked.

Category: Commentaries and AnalysesHealth DataOf NoteSubcontractorU.S.

Post navigation

← Data of 2 million Dutch people leaked, software supplier taken to court
Tracking the Adelanto Healthcare Ventures breach on DataBreaches.net →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Banks Want SEC to Rescind Cyberattack Disclosure Requirements
  • MathWorks, Creator of MATLAB, Confirms Ransomware Attack
  • Russian hospital programmer gets 14 years for leaking soldier data to Ukraine
  • MSCS board renews contract with PowerSchool while suing them
  • Iranian Man Pleaded Guilty to Role in Robbinhood Ransomware
  • Developments surrounding data breach at Dutch police
  • Estonia launches international search for Moroccan citizen wanted over data theft
  • Now it’s Tiffany: Another LVMH luxury brand hit by hackers
  • Dutch Government: More forms of espionage to be a criminal offence from 15 May onwards
  • B.C. health authority faces class-action lawsuit over 2009 data breach (1)

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The CCPA emerges as a new legal battleground for web tracking litigation
  • U.S. Spy Agencies Are Getting a One-Stop Shop to Buy Your Most Sensitive Personal Data
  • Period Tracking App Users Win Class Status in Google, Meta Suit
  • AI: the Italian Supervisory Authority fines Luka, the U.S. company behind chatbot “Replika,” 5 Million €
  • D.C. Federal Court Rules Termination of Democrat PCLOB Members Is Unlawful
  • Meta may continue to train AI with user data, German court says
  • Widow of slain Saudi journalist can’t pursue surveillance claims against Israeli spyware firm

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.