On October 13, BlackCat (AlphV) threat actors first threatened to leak data from Morrison Community Hospital (MCH) in Illinois.
Shortly thereafter, the listing was removed, only to be re-listed on October 19 with a claim by BlackCat that because the hospital had not given them a clear response, they were going to leak a little data and start contacting patients. Whether they ever contacted any patients or not is not known to DataBreaches, but on October 19, the hospital posted a notice on its website confirming that it had experienced a “network security incident” on September 24 and would be notifying some current and former patients that their personal information may have been accessed as part of that incident.
Yesterday, BlackCat leaked all the data they described as:
FULL HUGE LEAK + BONUS
10/28/2023, 11:25:09 AM
As MCH playing games with us. We releasing full leak.1. We releasing ~8.6 TB of original VMWare VM images. 5 VMs with data and 1 VM with SQL. Use torrent magnet to download.
2. We also exctracted files from drives if you’re lazy one. Use tor link to explore files.
3. And BONUS. We exctracted all passwords from employees browsers from MCH. Check link
P.S. Playing games was a bad idea
MCH has not updated its notice as of this publication, but had previously stated that it was not aware of any misuse of the data. Whether that will remain the case now that the data has been leaked remains to be determined.
This incident has not shown up on HHS’s public breach tool yet so we do not yet know the number of patients affected.