DataBreaches.Net


Consulting Radiologists LTD notifying 583,824 patients about February attack

Posted on June 27, 2024 by Dissent

Two ransomware groups claimed to have attacked Consulting Radiologists. The notification is silent about any ransom demands. 

Consulting Radiologists LTD. (“CRL”) in Minnesota is a physician-owned practice. On February 12, 2024, they detected suspicious activity on their network. An investigation revealed that an unauthorized actor had accessed certain files and data. Those files contained patient information including name, address, date of birth, Social Security number, health insurance information, and medical information. Small subsets of patients had their Social Security number or driver’s license number impacted, and another small subset included face sheets and imaging reports. The type of information at issue reportedly varied for each person.

CRL posted a notice on their site on June 14, notified regulators, and notified affected patients for whom they had current contact information.

According to their report to HHS on June 14, 583,824 patients were affected. On the same day, they reported the total number affected to Maine as 511,947. They provide no explanation for the discrepancy in numbers and do not explain why so much unencrypted protected health information was connected to the Internet or accessible to criminals.

Additional details and advice to those affected are available in their website notice.

Ransomware Groups Claim Responsibility

By April 27, some files had already been leaked on LockBit3.0.

CRL’s notification does not indicate who the threat actor(s) were, whether any data were encrypted, or whether there was any ransom demand. A search of ransomware group leak sites finds that LockBit3.0 claimed responsibility for the attack in April 2024 with proof of claims and then updated their listing in May 2024. Qilin also claimed responsibility for the attack in May and also posted proof of claims. Neither group of threat actors appears to have subsequently leaked the data and the listing no longer appears on LockBit3.0.

“Full transparency?”

Whether both groups collaborated or independently attacked CRL is unknown to DataBreaches at this time, but CRL’s notification does not warn patients about the threatened leak of their data. Their notification letter to those affected claims, in part:

Upon learning this, CRL began a time-consuming and detailed reconstruction and review of the data stored on the server at the time of this incident to understand whose information was affected. On April 17, 2024, CRL identified persons whose sensitive data was included within the impacted data. At this time, we have no evidence any of the information has been misused by a third party, but because information related to you was disclosed, we are notifying you out of full transparency.

Perhaps they define “full transparency” differently than DataBreaches does, but if my personal and protected health information was allegedly in the hands of two different Russia-linked criminal groups, I would want to know so that I could assess my risk and take appropriate steps to protect myself.

And no, you are not notifying out of “full transparency.” You are required by law to notify.

 

