In August 2023, El Centro Del Barrio (“CentroMed”) reported a breach that affected 350,000 patients. The incident, which had been claimed by Karakurt threat actors in June, involved patients’ names, addresses, dates of birth, Social Security numbers, financial account information, health insurance plan member IDs and claims data. A check of Karakurt’s leak site today indicates that Karakurt never leaked the almost 42 GB of files they had claimed to have acquired. What happened to those data is unknown but DataBreaches has never seen it leaked or sold anywhere.
But now the Texas healthcare provider has disclosed a second incident. A notice on its website explains that an attacker accessed and/or acquired patients’ names, addresses, dates of birth, Social Security numbers, financial account information, medical records numbers, health insurance information, diagnosis and treatment information, and claims data. The attack occurred on or about April 30 and was discovered on May 1. There is no mention of any complimentary mitigation services in their notice.
This newer incident has not (yet?) been claimed by any group that maintains a leak site, and it has not yet shown up on HHS’s public breach tool, so we do not yet know how many patients were affected by this incident.
How did this/these attacker(s) gain access? And how many of the patients affected in this second incident were also caught up in the first incident? There is a lot we do not know as yet.
UPDATE: The second incident was reported to HHS on May 17 as affecting 400,000 patients.