On April 1, DataBreaches reached out to Bienville Orthopaedic Specialists (BOS) in Mississippi to ask about a claim by Abyss threat actors that they had compromised BOS. BOS never replied.
But now, five months later, BOS submitted a breach notification to the Maine Attorney General’s Office. The notification indicates that 242,986 people were affected by a “data security event” that occurred between February 3 and March 5.
The notification letter template, appended to the submission, informs patients of the breach and offers them 12 months of credit monitoring services. A copy of the notice is available on BOS’s website.
Their letter does not mention that there was any ransomware or whether there was an extortion demand in connection with this incident. And it doesn’t tell them about the leak site where DataBreaches first discovered the breach.
On re-check today, the Abyss leak site no longer lists BOS. Why? Did BOS pay them an extortion demand? DataBreaches reached out earlier today to BOS to inquire whether there was a ransom demand and any payment. No reply has been received by publication.