DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

How many times has Carespring Health Management been attacked since last year? (1)

Posted on August 20, 2024August 22, 2024 by Dissent

In October 2023, Carespring Health Care Management was the victim of a ransomware attack. It was not announced on its website, but in November, Carespring was listed on the NoEscape ransomware gang’s site. At the time, the threat actors claimed they had encrypted Carespring’s files and exfiltrated 364 GB of files.

The incident never appeared on HHS’s public breach tool.

On August 16, Carespring reported the incident to the Maine Attorney General’s Office and submitted a sample notification letter.

The submission says, in part:

On October 28, 2023, Carespring expe1ienced a network secmity incident that impacted some operations.

Upon learning of this issue, we immediately commenced a prompt and thorough investigation working ve1y closely with external cybersecmity professionals expe1ienced in handling these types of incidents to dete1mine whether there was any unautho1ized access to protected information. After an extensive forensic investigation and document review, we discovered on July 16, 2024, that between October 12, 2023 and October 30, 2023, a limited amount of info1mation stored on our network may have been accessed and/or acquired by an unauthorized individual.

Their submission says nothing about any ransomware or any ransom demands. Nor does it mention whether any data was leaked on the dark web.

Carespring reported this incident to Maine as affecting 76,719 people, total.

Carespring Attack Claimed by Two Other Groups Too?

Since the NoEscape breach, Carespring was also subsequently claimed by two other groups: Hunters International in February 2024, who appears to have claimed and leaked 391.4 GB of files, and LockBit3.0 in May, who have provided no proof or specific claims as yet.

Was the Hunters International data the same as the data acquired by NoEscape, or was it different? Should Carespring have told people about the Hunters International data leak? Do they have an unrelated incident that also requires incident response?

And what about the claims on LockBit3.0?  Are those old data from NoEscape or is this yet another breach?

DataBreaches emailed two executives from Carespring yesterday to inquire, but no reply has been received.

This incident does not appear on HHS’s public breach tool unless it was submitted under some name other than Carespring.

Update: The incident has been reported to HHS as affecting 64,609 patients. As of August 22, Carespring has still not replied to inquiries from this site.

Category: Breach IncidentsHealth DataMalwareU.S.

Post navigation

← National Public Data reports highly publicized breach affected a total 1.3 million people
National Public Data Published Its Own Passwords →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Operation ENDGAME strikes again: the ransomware kill chain broken at its source
  • Mysterious Database of 184 Million Records Exposes Vast Array of Login Credentials
  • Mysterious hacking group Careto was run by the Spanish government, sources say
  • 16 Defendants Federally Charged in Connection with DanaBot Malware Scheme That Infected Computers Worldwide
  • Russian national and leader of Qakbot malware conspiracy indicted in long-running global ransomware scheme
  • Texas Doctor Who Falsely Diagnosed Patients as Part of Insurance Fraud Scheme Sentenced to 10 Years’ Imprisonment
  • VanHelsing ransomware builder leaked on hacking forum
  • Hack of Opexus Was at Root of Massive Federal Data Breach
  • ‘Deep concern’ for domestic abuse survivors as cybercriminals expected to publish confidential abuse survivors’ addresses
  • Western intelligence agencies unite to expose Russian hacking campaign against logistics and tech firms

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Widow of slain Saudi journalist can’t pursue surveillance claims against Israeli spyware firm
  • Researchers Scrape 2 Billion Discord Messages and Publish Them Online
  • GDPR is cracking: Brussels rewrites its prized privacy law
  • Telegram Gave Authorities Data on More than 20,000 Users
  • Police secretly monitored New Orleans with facial recognition cameras
  • Cocospy stalkerware apps go offline after data breach
  • Drugmaker Regeneron to acquire 23andMe out of bankruptcy

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.