On October 25, DataBreaches reported that Akumin’s ability to provide diagnostic services at some locations remained disrupted two weeks after they detected suspicious activity on their network. What they subsequently identified as a ransomware attack occurred during a time when Akumin was also dealing with bankruptcy.
While there was some resolution of financial issues, things did not get any better for Akumin on the data breach front. Over at SuspectFile, Marco A. De Felice reports:
Two cyber attacks within a very short span of weeks: the first in mid-October carried out by the BlackSuit cybercriminal group, as reported in an HHS document, and the second attack in the early days of November by the ransomware group BianLian. The latter, through their blog, claims to be in possession of millions of highly sensitive documents, totaling 5TB of data.
De Felice’s chronology makes clear that while Akumin acknowledged the October ransomware attack, there has been no mention of any second cyberattack.
In its press release on November 10, Akumin stated that it had restored the majority of its systems and that all locations had resumed patient care, with the ability to schedule patient appointments.
At this time, Akumin has safely restored the majority of our systems. All of our locations have resumed patient care and are now able to schedule patient appointments. […]
As of November 10, Akumin also declared that patients would be able to recover most of their health documentation (but not all, editor’s note).
At this time, you can retrieve most past imaging and radiology results. Since our systems are being restored with differing timelines, a limited amount of past imaging may still be currently unavailable. […]
Based on the research conducted by SuspectFile, however, it seems that in the early days of November, the BianLian group accessed Akumin’s IT systems, stealing a substantial amount of data, 5TB, as claimed by the group in a note on their website on the Tor network. Yet on November 10, Akumin asserted that it had been hit by a single ransomware group in October. There was no mention of any second attack, impact of a second attack, or incident response to any second attack.
Nor was there any mention of a second attack in their December 6 update, where they wrote:
What Happened?
The review of this matter, including impact to data, is ongoing. On October 11, 2023, Akumin was the victim of a ransomware incident, which involved an unauthorized actor using malware to lock access to some files without authorization. After identifying this matter, Akumin took its systems offline, securely restored them, and regained access to its files. During the review of this matter, Akumin identified that files on certain systems were at risk of being copied from its computer network on October 11, 2023.
The December 6 update was after BianLian added Akumin to its leak site.
Read more at SuspectFile.
DataBreaches could not contact BlackSuit to ask them to confirm that they had attacked Akumin in October, as HHS had indicated. But DataBreaches did email Akumin questions about BianLian’s claims.
They did not reply. DataBreaches also sent a contact form to their Data Compliance department asking those questions and whether HHS had been notified as nothing has shown up on HHS’s public breach tool. They, too, did not reply.
BianLian did not provide any proof of claims when they listed Akumin on their leak site, and they have not updated their listing or leaked any data as of publication. Will they leak any data? Only time will tell, but Akumin’s lack of transparency and ignoring inquiries about BianLian’s claims is certainly troubling.
Update: BianLian has jumped into the disputed claims and issued their own statement, with some proof of claims. They write, in part:
Having read the Notice of Data Event on their website we now believe they are trying to publicly merge October’s attack and ours in the one. Though they know well those were two separated cases (we’ve reached their top management on the phone, via email and messengers a huge number of times)…. The point is that none of Akumin’s representatives still reached us for at least to try to save company’s, their employees’, patients’, and partners’ data. Company’s key people (their images are below) are just ignoring us and the incident.
SuspectFile has a write-up on this latest development and the proof of claims BianLian offered.