On June 13, the INC Ransom group added Maryhaven in Ohio to their leak site. DataBreaches subsequently contacted Maryhaven to inquire what it was doing in response to INC’s claims. They did not reply, but subsequently posted a notice on their website that said, in part:
We are aware that some of our systems are offline.
We apologize for any inconvenience this may cause.While these systems are being restored, our commitment to client care has not been impacted and remains our top priority.
During this time, it is important to know that our staff is still available to serve our clients and the community.
Nowhere in their alert do they reveal that this was a ransomware attack and that the threat actor has already leaked some personal and protected health information as proof of claims.
Maryhaven describes itself as having cared for more than 350,000 Central Ohioans since it first opened its doors in 1953. They specialize in addiction and mental health treatment, and offer a range of services: “residential and outpatient services, medically assisted treatment, specialized programming for pregnant women and homeless adults, cognitive behavioral and other proven therapies, as well as individual, group, and family counseling for adolescents and adults.”
Maryhaven Acknowledges Incident But Doesn’t Mention PHI
Two days after DataBreaches contacted Maryhaven to inquire about their response to the claimed attack, and without ever responding to DataBreaches’ inquiries, they posted a notice on their site. But the notice didn’t mention any leak of data or threat to leak more data. Yesterday, DataBreaches emailed Maryhaven to ask again what their investigation has shown to date about the scope of the breach of patient data. They have not replied.