DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Everything old is new again, part 2: Was U.S. Dermatology Partners hit twice within months?

Posted on September 16, 2024September 16, 2024 by Dissent

Earlier today, DataBreaches reported that MCNA Dental allegedly suffered a cyberattack involving patient data. According to the threat actor who claimed responsibility for the attack (Everest Ransom Team), this incident was totally unrelated to a February 2023 ransomware attack by LockBit that was supposedly leaked in April 2023. In May 2023, MCNA Dental reported that the February attack affected 8,923,662 people, of whom 8,861,076 were patients. In the newer incident, Everest Ransom Team claims that approximately 1 million patient records are involved.

MCNA has yet to respond to an email inquiry from DataBreaches about the newest incident. But MCNA isn’t the only entity that appears to have suffered a second attack recently. U.S. Dermatology Partners, who allegedly was breached by BianLian earlier this year and had 300 GB of their files leaked in August, now has allegedly had 1.8 TB of files leaked by Black Basta.

Although BianLian’s listing from June 2024 did not claim to include any patient data, the filelist for the data tranche did indicate that protected health information (PHI) was involved. DataBreaches did not download or inspect the entire data tranche.

Black Basta’s leak post also makes no mention of patient data, but inspection of its data tranche revealed that there is a lot of PHI in the newest leak.

But is the data in Black Basta’s leak the same as what BianLian leaked? Looking at some of the Black Basta leak, it appears the last date stamp for some files was June 18 or June 19, 2024. This would be consistent with BianLian’s incident and timeframe. But are they the same files?  DataBreaches spot-checked some of the files date-stamped June 18, but didn’t find them in the BianLian data leak.

Did Black Basta just access more data than BianLian had accessed? Did both groups purchase the same access from a third party? One of the things DataBreaches noticed was that files in the Black Basta leak with logins and passwords were date-stamped June 18. If U.S. Dermatology Partners had changed their logins, those credentials should not have been in the Black Basta tranche. Did they fail to change credentials by the time Black Basta accessed them, or is there some other reason?

DataBreaches submitted inquiries to both Black Basta and U.S. Dermatology Partners but has received no replies by publication. DataBreaches had previously sent inquiries to U.S. Dermatology Partners on August 27 about the BianLian attack. They had not replied at all to that one and no report appears on HHS’s public breach tool for that incident. This post may be updated if more information becomes available.

The post was updated at 7:12 pm to note that U.S. Dermatology Partners never replied to an earlier inquiry from DataBreaches about the BianLian incident, and that incident does not appear to have been reported to HHS yet. 

Category: Breach IncidentsCommentaries and AnalysesHealth DataU.S.

Post navigation

← Everything old is new again? MCNA Dental allegedly suffers second big data breach of PHI
Indodax cryptocurrency exchange hack: 9B SHIB stolen in $20.5 mln heist →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Western intelligence agencies unite to expose Russian hacking campaign against logistics and tech firms
  • Disrupting Lumma Stealer: Microsoft leads global action against favored cybercrime tool
  • Researchers Scrape 2 Billion Discord Messages and Publish Them Online
  • Privilege Under Fire: Protecting Forensic Reports in the Wake of a Data Breach
  • Hacker who breached communications app used by Trump aide stole data from across US government
  • Massachusetts hacker to plead guilty to PowerSchool data breach (1)
  • Cyberattack brings down Kettering Health phone lines, MyChart patient portal access (1)
  • Gujarat ATS arrests 18-year-old for cyberattacks during Operation Sindoor
  • Hackers Nab 15 Years of UK Legal Aid Applicant Data
  • Supplier to major UK supermarkets Aldi, Tesco & Sainsbury’s hit by cyber attack with ransom demand

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Researchers Scrape 2 Billion Discord Messages and Publish Them Online
  • GDPR is cracking: Brussels rewrites its prized privacy law
  • Telegram Gave Authorities Data on More than 20,000 Users
  • Police secretly monitored New Orleans with facial recognition cameras
  • Cocospy stalkerware apps go offline after data breach
  • Drugmaker Regeneron to acquire 23andMe out of bankruptcy
  • Massachusetts Senate Committee Approves Robust Comprehensive Privacy Law

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.