DataBreaches.Net

Acadian Ambulance hit by ransomware attack; Daixin claims info on 10 million patients stolen

Posted on July 23, 2024 by Dissent

A new listing on Daixin Team’s leak site suggested serious problems for Acadian Ambulance.

Acadian Ambulance offers several health-related services, including emergency medical transportation, non-emergency transportation, at-home health care, air services, and medical education. It has locations in Louisiana, Mississippi, Tennessee, and Texas.

Acadian has been in business since 1971, and at this point, employees own the majority of the organization’s stock.

If one were to visit its website today, there would likely be no indication of anything amiss. There is no notice about any data breach on their site or on their Facebook page. But appearances can be deceiving.

According to Daixin Team, who communicated exclusively with DataBreaches, Daixin encrypted 1,000 – 2,000 of Acadian’s servers on June 21. When asked whether Acadian detected them and kicked them out, Daixin’s spokesperson replied, “Perhaps they began to understand something when everything stopped working. The access of their administrators was blocked and no one interfered with us. We ourselves left their internal network.” DataBreaches was also shown screenshots from what appeared to be a compromise of an employee’s 2FA screen.

As they have done in the past, Daixin avoided encrypting life-saving servers, later telling Acadian, “As you may have noticed we didn’t encrypt the life support servers but only shut some down as proof we could destroy them.”

From statements provided to DataBreaches by Daixin, it seems that negotiations with Acadian started on June 22. Chat logs from this past week, however, suggest that no agreement was reached on the amount of payment. Daixin had asked for $7 million, but after weeks of negotiating, Acadian was claiming they could only pay less than $173,000. At one point, Daixin’s negotiator told Acadian’s negotiator:

7 Million USD for all the personal and medical data of 10 million US citizens = 70 cents each, less than 1$ !

But we’re not the good guys – we won’t hesitate to publish the data and sell some of it. You’ll never know which data was sold. The decryption tool will also be destroyed. Your disregard for patient privacy will also become public knowledge.

DataBreaches asked Daixin’s spokesperson why they thought Acadian could afford to pay $7 million. Had Daixin discovered that Acadian had cyberinsurance that would cover the payment? They responded by quoting from Zacks Equity Research:

“Acadia Healthcare exited the first quarter with cash and cash equivalents of $77.3 million, which dropped 22.8% from the 2023 end level. It had a leftover capacity of $371.5 million under its $600 million revolving credit facility at the quarter end.”

[Acadian]: Could you please hold off on anything like that? It would completely invalidate all the work we've put in so far to find a settlement. Your asking price is still too much for us to manage at this point, but we have been actively looking for any solution possible.

[Daixin]: We understand that you are a hired (or in-house) cybersecurity company. You have no experience with ransomware. We took care of you like children. As proof, not small test-files, but the 40GB virtual machine image was decrypted. Showed that we have PII + PHI data from 10,000,000 patients. We've been telling you about what the consequences of non-payment can be. As you may have noticed we didn't encrypt the life support servers but only shut down some as proof that we could destroy them.

[Daixin]: 7 Million USD for all the personal and medical data of 10 million US citizens = 70 cents each, less than 1$ !

[Daixin]: But we're not the good guys - we won't hesitate to publish the data and sell some of it. You'll never know which data was sold. The decryption tool will also be destroyed. Your disregard for patient privacy will also become public knowledge.

[Daixin]: Therefore, your inaction and procrastination will result in a complete failure of negotiations and fatal consequences for your client, Acadian Ambulance

Part of negotiations on July 17. Provided to DataBreaches by Daixin Team.

DataBreaches also asked Daixin whether they really had personal or protected health information on 10 million unique patients. They replied that yes, the database had more than 11 million people, but only 10 million were unique. When asked whether those were people who used the emergency ambulance service or other services, Daixin’s spokesperson replied that they didn’t know, adding, “Only Acadian can answer this question.”

A list of tables in the database, published today on Daixin’s leak site, reveals that most of the tables are patient-related. One table involves employee data. The fields in that table include the employees’ first and last name, SSN, date of birth, gender, date of employment, certification number, phone number, email, position, and other types of information.

The table with 11 million records is a table called “ePCR.dbo.MedicalRecord.” It contains a wealth of fields. Other tables also appear to contain sensitive information, such as a table with information on those suspected of drug use.

None of the data has been leaked at this point, however.

DataBreaches emailed Acadian Ambulance yesterday and again today to ask about their response to the incident and whether they had usable backups for the encrypted servers. No reply has been received.

From the information provided to DataBreaches by Daixin, it appears that Acadian’s last negotiation effort was to tell Daixin that they were trying to borrow $400,000, which would bring their offer to $572,500, but it would take a few days. That was not even close to what Daixin would accept, at which point the ransomware group leaked the table information and indicated that they will leak other data soon.

This post will be updated if a statement is received from Acadian or the leak situation changes.

Category: Breach Incidents, Health Data, Malware, Of Note
