DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Parathon by JDA eHealth Systems hit by Akira? They haven’t responded to inquiries.

Posted on August 6, 2023 by Dissent

Visitors to Akira’s dark web leak site are greeted with a message:

Well, you are here. It means that you’re suffering from cyber incident right now. Think of our actions as an unscheduled forced audit of your network for vulnerabilities. Keep in mind that there is a fair price to make it all go away.

Do not rush to assess what is happening – we did it to you. The best thing you can do is to follow our instructions to get back to your daily routine, by cooperating with us you will minimize the damage that might be done.

Those who choose different path will be shamed here publicly. The functionality of this blog is extremely simple – enter the desired command in the input line and enjoy the juiciest information that corporations around the world wanted to stay confidential.

Remember. You are unable to recover without our help. Your data is already gone and cannot be traced to the place of final storage nor deleted by anyone besides us.

On August 1, Parathon by JDA eHealth Systems was added to Akira’s site with a note from Akira:  “We’re almost ready to share the 560GB of data we’ve taken from their network. Contracts, employee personal information, and confidential documents will be posted shortly.”

Listing on Akira’s leak site, Aug. 1. Image: DataBreaches.net

Akira did not reply to an inquiry sent to them by DataBreaches. Neither did Parathon, who was sent contact form inquiries on August 1 and again yesterday. So there is no proof from Akira and no denial or confirmation from Parathon.

Parathon is a revenue cycle management (RCM) business associate used by covered entities in the healthcare sector for billing patients and insurers and handling claims. Their software is available in a desktop model or web-tool model. It is not yet clear what Akira may have acquired in the way of personally identifiable information and/or protected health information of employees or patients.

If Parathon is a business associate to HIPAA-covered entities, their obligation is to notify any affected covered entities, who, in turn, have a duty to notify HHS of any reportable breach and to notify any affected patients. Depending on their contracts, Parathon might contact patients and/or HHS on behalf of one or more of the covered entities, but then again, maybe the covered entities will opt to do their own disclosures if there are any disclosures required.

A recent article by Arctic Wolf provides some helpful background on Akira. The firm’s incident response team notes, “In nearly all intrusions, the threat actors leveraged compromised credentials to obtain initial access to the victim’s environment. Notably, the majority of victim organizations did not have multi-factor authentication (MFA) enabled on their VPNs. It is unclear how the threat actors obtained the compromised credentials; however, it is plausible the threat actors purchased access or credentials on the dark web.”

Also of note, although Akira follows the Ransomware-as-a-Service (RaaS) model, they do not insist their victims pay for both a decryption key and the deletion of data they exfiltrated. According to Arctic Wolf, “Instead, Akira offers victims the opportunity to pick and choose what they would like to pay for. However, if a victim does not pay the ransom (ranging from $200K USD to over $4M USD based on Arctic Wolf® Incident Response’s insights) the victim’s name and data are published to Akira’s leak site.”

DataBreaches will continue to monitor the listing on the leak site and will update this post if more information becomes available. Inquiries were also sent yesterday to  NorthShore University HealthSystem and HonorHealth, two entities whose praise Parathon cites on its website, to ask them if Parathon had recently alerted them to any breaches. No replies have been received.

 

Category: Breach IncidentsHealth DataMalwareSubcontractorU.S.

Post navigation

← Massive data breach could impact many who attended or worked for public schools in Colorado
New acoustic attack steals data from keystrokes with 95% accuracy →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Rewards for Justice offers $10M reward for info on RedLine developer or RedLine’s use by foreign governments
  • New evidence links long-running hacking group to Indian government
  • Zaporizhzhia Cyber ​​Police Exposes Hacker Who Caused Millions in Losses to Victims by Mining Cryptocurrency
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Google: Hackers target Salesforce accounts in data extortion attacks
  • The US Grid Attack Looming on the Horizon
  • US govt login portal could be one cyberattack away from collapse, say auditors
  • Two Men Sentenced to Prison for Aggravated Identity Theft and Computer Hacking Crimes
  • 100,000 UK taxpayer accounts hit in £47m phishing attack on HMRC
  • CISA Alert: Updated Guidance on Play Ransomware

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act
  • 23andMe Bankruptcy Judge Ponders Trump Bill’s Injunction Impact
  • Hell No: The ODNI Wants to Make it Easier for the Government to Buy Your Data Without Warrant
  • US State Dept. says silence or anonymity on social media is suspicious

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.