Summit Health is a for-profit, multi-specialty medical practice headquartered in Berkeley Heights, New Jersey. It describes itself as a “physician-driven, patient-centric network committed to simplifying the complexities of health care and bringing a more connected kind of care.” They have more than 2,800 providers, 13,000 employees, and over 370 locations in New Jersey, New York, Connecticut, Pennsylvania, and Central Oregon.
On November 3, LockBit3.0 added Summit Health to its leak site and gave it a deadline of November 8 to pay them or all data will supposedly be published.
- The listing provides no description of what the threat actors claim to have acquired, only claiming that it data was uploaded on November 1.
- The listing does not indicate whether the threat actors claim to have encrypted any files or if this is an exfiltration-only with extortion attempt situation.
- The listing provides no proof of claims such as screenshots of data files or a file list.
Finding no indication of any incident on Summit Health’s website, DataBreaches sent an email inquiry to SummitHealth’s media contact on November 3 to ask about LockBit3.0’s claims. No reply was received. A second email was sent earlier today. Again, no reply was received.
LockBit3.0’s claims are unconfirmed, but they have not been disputed by Summit Health either. If Summit Health issues a statement to DataBreaches, this post will be updated.