On October 13, AlphV threat actors added Morrison Community Hospital to their dark web leak site. Within hours, it appeared to have been removed. Today, it was re-listed with this commentary by AlphV:
HUGE LEAK COMING! SQL + DATA = 5TB
Given that we haven’t received a clear response from MCH representatives, we’ve decided to release a teaser and initiate patient calls shortly. The hospital’s leadership has 48 hours to comply with our demands.
A number of screenshots were also provided as alleged proof of claims.
Although numerous sites appear to have simply repeated AlphV’s claims as if they are confirmed, the hospital has not confirmed any breach and DataBreaches has found no statement from them since the listing first appeared on October 13. There is no statement on the hospital’s website at publication time to confirm or deny any data breach or security incident. [NOTE: see update of October 21, below this post.] Nor does their site indicate any disruption in services or compromise of patient data. The proof of claims, however, suggests that protected health information of at least some patients has been acquired, but even that has not been verified.
DataBreaches sent an inquiry to AlphV via their Tox account to ask whether any of the hospital’s files had been locked or if any of AlphV’s actions would interfere with patient care, but no reply has been received as yet.
Update of October 21: Morrison Community Hospital subsequently published a security incident notice on its site. The notice, dated October 19, states that MCH experienced a “network security incident” on September 24 that involved an unauthorized party gaining access to its network environment. It does not mention whether any files were locked.
The notice also states that although MCH has found no evidence so far that patient information has been specifically misused, information was potentially exposed to an unauthorized third party.
The website notice does not state what kinds of information. Nor does it state that some data has already been leaked on the dark web and the threat actors have warned they will be leaking a lot more.