DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

How many times has Carespring Health Management been attacked since last year? (1)

Posted on August 20, 2024August 22, 2024 by Dissent

In October 2023, Carespring Health Care Management was the victim of a ransomware attack. It was not announced on its website, but in November, Carespring was listed on the NoEscape ransomware gang’s site. At the time, the threat actors claimed they had encrypted Carespring’s files and exfiltrated 364 GB of files.

The incident never appeared on HHS’s public breach tool.

On August 16, Carespring reported the incident to the Maine Attorney General’s Office and submitted a sample notification letter.

The submission says, in part:

On October 28, 2023, Carespring expe1ienced a network secmity incident that impacted some operations.

Upon learning of this issue, we immediately commenced a prompt and thorough investigation working ve1y closely with external cybersecmity professionals expe1ienced in handling these types of incidents to dete1mine whether there was any unautho1ized access to protected information. After an extensive forensic investigation and document review, we discovered on July 16, 2024, that between October 12, 2023 and October 30, 2023, a limited amount of info1mation stored on our network may have been accessed and/or acquired by an unauthorized individual.

Their submission says nothing about any ransomware or any ransom demands. Nor does it mention whether any data was leaked on the dark web.

Carespring reported this incident to Maine as affecting 76,719 people, total.

Carespring Attack Claimed by Two Other Groups Too?

Since the NoEscape breach, Carespring was also subsequently claimed by two other groups: Hunters International in February 2024, who appears to have claimed and leaked 391.4 GB of files, and LockBit3.0 in May, who have provided no proof or specific claims as yet.

Was the Hunters International data the same as the data acquired by NoEscape, or was it different? Should Carespring have told people about the Hunters International data leak? Do they have an unrelated incident that also requires incident response?

And what about the claims on LockBit3.0?  Are those old data from NoEscape or is this yet another breach?

DataBreaches emailed two executives from Carespring yesterday to inquire, but no reply has been received.

This incident does not appear on HHS’s public breach tool unless it was submitted under some name other than Carespring.

Update: The incident has been reported to HHS as affecting 64,609 patients. As of August 22, Carespring has still not replied to inquiries from this site.

No related posts.

Category: Breach IncidentsHealth DataMalwareU.S.

Post navigation

← National Public Data reports highly publicized breach affected a total 1.3 million people
National Public Data Published Its Own Passwords →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Air Force Employee Pleads Guilty to Conspiracy to Disclose Unlawfully Classified National Defense Information
  • UK police arrest four in connection with M&S, Co-op and Harrods cyberattacks (1)
  • At U.S. request, France jails Russian basketball player Daniil Kasatkin on suspicion of ransomware conspiracy
  • Avantic Medical Lab hacked; patient data leaked by Everest Group
  • Integrated Oncology Network victim of phishing attack; multiple locations affected (2)
  • HHS’ Office for Civil Rights Settles HIPAA Privacy and Security Rule Investigation with Deer Oaks Behavioral Health for $225k and a Corrective Action Plan
  • HB1127 Explained: North Dakota’s New InfoSec Requirements for Financial Corporations
  • Credit reports among personal data of 190,000 breached, put for sale on Dark Web; IT vendor fined
  • Five youths arrested on suspicion of phishing
  • Russia Jailed Hacker Who Worked for Ukrainian Intelligence to Launch Cyberattacks on Critical Infrastructure

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • How to Build on Washington’s “My Health, My Data” Act
  • Department of Justice Subpoenas Doctors and Clinics Involved in Performing Transgender Medical Procedures on Children
  • Google Settles Privacy Class Action Over Period Tracking App
  • ICE Is Searching a Massive Insurance and Medical Bill Database to Find Deportation Targets
  • Franklin, Tennessee Resident Sentenced to 30 Months in Federal Prison on Multiple Cyber Stalking Charges
  • On July 7, Gemini AI will access your WhatsApp and more. Learn how to disable it on Android.
  • German court awards Facebook user €5,000 for data protection violations

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.