DataBreaches.Net

Acadian Ambulance hit by ransomware attack; Daixin claims info on 10 million patients stolen

Posted on July 23, 2024 by Dissent

A new listing on Daixin Team’s leak site suggested serious problems for Acadian Ambulance.

Acadian Ambulance offers several health-related services, including emergency medical transportation, non-emergency transportation, at-home health care, air services, and medical education. It has locations in Louisiana, Mississippi, Tennessee, and Texas.

Acadian has been in business since 1971, and at this point, employees own the majority of the organization’s stock.

If one were to visit its website today, there would likely be no indication of anything amiss. There is no notice about any data breach on their site or on their Facebook page. But appearances can be deceiving.

According to Daixin Team, who communicated exclusively with DataBreaches, Daixin encrypted 1,000 – 2,000 of Acadian’s servers on June 21. When asked whether Acadian detected them and kicked them out, Daixin’s spokesperson replied, “Perhaps they began to understand something when everything stopped working. The access of their administrators was blocked and no one interfered with us. We ourselves left their internal network.” DataBreaches was also shown screenshots from what appeared to be a compromise of an employee’s 2FA screen.

As they have done in the past, Daixin avoided encrypting life-saving servers, later telling Acadian, “As you may have noticed we didn’t encrypt the life support servers but only shut some down as proof we could destroy them.”

From statements provided to DataBreaches by Daixin, it seems that negotiations with Acadian started on June 22. Chat logs from this past week, however, suggest that no agreement was reached on the amount of payment. Daixin had asked for $7 million, but after weeks of negotiating, Acadian was claiming they could only pay less than $173,000. At one point, Daixin’s negotiator told Acadian’s negotiator:

7 Million USD for all the personal and medical data of 10 million US citizens = 70 cents each, less then 1$ !

But we’re not the good guys – we won’t hesitate to publish the data and sell some of it. You’ll never know which data was sold. The decryption tool will also be destroyed. Your disregard for patient privacy will also become public knowledge.

DataBreaches asked Daixin’s spokesperson why they thought Acadian could afford to pay $7 million. Had Daixin discovered that Acadian had cyberinsurance that would cover the payment? They responded by quoting from Zack’s Equity Research:

“Acadia Healthcare exited the first quarter with cash and cash equivalents of $77.3 million, which dropped 22.8% from the 2023 end level. It had a leftover capacity of $371.5 million under its $600 million revolving credit facility at the quarter end.”

[Acadian]: Could you please hold off on anything like that? It would completely invalidate all the work we've put in so far to find a setlement. Your asking price is still too much for us to manage at this point, but we have been actively looking for any solution possible.

[Daixin]: We understand that you are a hired (or in-house) cybersecurity company. You have no experience with ransomware. We took care of you like children. As proof, not small test-files, but the 40GB virtual machine image was decrypted. Showed that we have PII + PHI data from 10,000,000 patients. We've been telling you about what the consequences of non-payment can be. As you may have noticed we didn't encrypt the life support servers but only shut down some as proof that we could destroy them.

[Daixin]: 7 Million USD for all the personal and medical data of 10 million US citizens = 70 cents each, less then 1$ !

[Daixin]: But we're not the good guys - we won't hesitate to publish the data and sell some of it. You'll never know which data was sold. The decryption tool will also be destroyed. Your disregard for patient privacy will also become public knowledge.

[Daixin]: Therefore, your inaction and procrastination will result in a complete failure of negotiations and fatal consequences for your client, Acadian Ambulance

Part of negotiations on July 17. Provided to DataBreaches by Daixin Team.

DataBreaches also asked Daixin whether they really had personal or protected health information on 10 million unique patients. They replied that yes, the database had more than 11 million people, but only 10 million were unique. When asked whether those were people who used the emergency ambulance service or other services, Daixin’s spokesperson replied that they didn’t know, adding, “Only Acadian can answer this question.”

A list of tables in the database, published today on Daixin’s leak site, reveals that most of the tables are patient-related. One table involves employee data. The fields in that table include the employees’ first and last name, SSN, date of birth, gender, date of employment, certification number, phone number, email, position, and other types of information.

The table with 11 million records is a table called “ePCR.dbo.MedicalRecord.” It contains a wealth of fields. Other tables also appear to contain sensitive information, such as a table with information on those suspected of drug use.

None of the data has been leaked at this point, however.

DataBreaches emailed Acadian Ambulance yesterday and again today to ask about their response to the incident and whether they had usable backups for the encrypted servers. No reply has been received.

From the information provided to DataBreaches by Daixin, it appears that Acadian’s last negotiation effort was to tell Daixin that they were trying to borrow $400,000, which would bring their offer to $572,500, but that it would take a few days. That was not even close to what Daixin would accept, at which point the ransomware group leaked the list of tables and indicated that they would leak other data soon.

This post will be updated if a statement is received from Acadian or the leak situation changes.

Category: Breach Incidents, Health Data, Malware, Of Note