DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

IL: Morrison Community Hospital patient data leaked by threat actors

Posted on October 29, 2023 by Dissent

On October 13, BlackCat (AlphV) threat actors first threatened to leak data from Morrison Community Hospital (MCH) in Illinois.

Shortly thereafter, the listing was removed, only to be re-listed on October 19 with a claim by BlackCat that because the hospital had not given them a clear response, they were going to leak a little data and start contacting patients. Whether they ever contacted any patients or not is not known to DataBreaches, but on October 19, the hospital posted a notice on its website confirming that it had experienced a “network security incident” on September 24 and would be notifying some current and former patients that their personal information may have been accessed as part of that incident.

Yesterday, BlackCat leaked all the data they described as:

FULL HUGE LEAK + BONUS
10/28/2023, 11:25:09 AM
As MCH playing games with us. We releasing full leak.

1. We releasing ~8.6 TB of original VMWare VM images. 5 VMs with data and 1 VM with SQL. Use torrent magnet to download.

2. We also exctracted files from drives if you’re lazy one. Use tor link to explore files.

3. And BONUS. We exctracted all passwords from employees browsers from MCH. Check link

P.S. Playing games was a bad idea

MCH has not updated its notice as of this publication, but had previously stated that it was not aware of any misuse of the data. Whether that will remain the case now that the data has been leaked remains to be determined.

This incident has not shown up on HHS’s public breach tool yet so we do not yet know the number of patients affected.

Category: Breach IncidentsHackHealth Data

Post navigation

← Hogan Lovell Series: “Insider Threats”
India’s Biggest Data Leak So Far? Covid-19 Test Info of 81.5Cr Citizens With ICMR Up for Sale →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Why Dumping Sensitive Data on Network Shares is a Liability
  • A militarily degraded Iran may turn to asymmetrical warfare – raising risk of proxy and cyber attacks
  • Pro-Russian hackers disrupt Dutch government websites ahead of NATO summit
  • Iran-Linked Threat Actors Leak Visitors and Athletes’ Data from Saudi Games
  • UK: Oxford City Council still investigating cyberattack from earlier this month
  • Steelmaker Nucor Says Hackers Stole Data in Recent Attack
  • People’s Republic of China cyber threat activity: Cyber Threat Bulletin
  • Ukrainian Web3 security auditing company Hacken suffered an attack that allowed a hacker to create 900 million HAI tokens
  • McLaren provides written notice to 743,131 patients after ransomware attack in July 2024 (2)
  • A state forensics lab was leaking its files. Getting it locked down involved a number of people.

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Sky Views Personal Data as a Potential Weapon in IPTV Piracy War
  • Florida Used a Nationwide Surveillance Camera Network 250 Times To Aid in Immigration Arrests
  • Federal Court Strikes Down HIPAA Reproductive Health Care Privacy Rule
  • The Markup caught 4 more states sharing personal health data with Big Tech
  • Privacy in the Big Sky State: Montana’s Consumer Privacy Law Gets Amended
  • UK Passes Data Use and Access Regulation Bill
  • Officials defend Liberal bill that would force hospitals, banks, hotels to hand over data

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.