DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Everything old is new again, part 2: Was U.S. Dermatology Partners hit twice within months?

Posted on September 16, 2024September 16, 2024 by Dissent

Earlier today, DataBreaches reported that MCNA Dental allegedly suffered a cyberattack involving patient data. According to the threat actor who claimed responsibility for the attack (Everest Ransom Team), this incident was totally unrelated to a February 2023 ransomware attack by LockBit that was supposedly leaked in April 2023. In May 2023, MCNA Dental reported that the February attack affected 8,923,662 people, of whom 8,861,076 were patients. In the newer incident, Everest Ransom Team claims that approximately 1 million patient records are involved.

MCNA has yet to respond to an email inquiry from DataBreaches about the newest incident. But MCNA isn’t the only entity that appears to have suffered a second attack recently. U.S. Dermatology Partners, who allegedly was breached by BianLian earlier this year and had 300 GB of their files leaked in August, now has allegedly had 1.8 TB of files leaked by Black Basta.

Although BianLian’s listing from June 2024 did not claim to include any patient data, the filelist for the data tranche did indicate that protected health information (PHI) was involved. DataBreaches did not download or inspect the entire data tranche.

Black Basta’s leak post also makes no mention of patient data, but inspection of its data tranche revealed that there is a lot of PHI in the newest leak.

But is the data in Black Basta’s leak the same as what BianLian leaked? Looking at some of the Black Basta leak, it appears the last date stamp for some files was June 18 or June 19, 2024. This would be consistent with BianLian’s incident and timeframe. But are they the same files?  DataBreaches spot-checked some of the files date-stamped June 18, but didn’t find them in the BianLian data leak.

Did Black Basta just access more data than BianLian had accessed? Did both groups purchase the same access from a third party? One of the things DataBreaches noticed was that files in the Black Basta leak with logins and passwords were date-stamped June 18. If U.S. Dermatology Partners had changed their logins, those credentials should not have been in the Black Basta tranche. Did they fail to change credentials by the time Black Basta accessed them, or is there some other reason?

DataBreaches submitted inquiries to both Black Basta and U.S. Dermatology Partners but has received no replies by publication. DataBreaches had previously sent inquiries to U.S. Dermatology Partners on August 27 about the BianLian attack. They had not replied at all to that one and no report appears on HHS’s public breach tool for that incident. This post may be updated if more information becomes available.

The post was updated at 7:12 pm to note that U.S. Dermatology Partners never replied to an earlier inquiry from DataBreaches about the BianLian incident, and that incident does not appear to have been reported to HHS yet. 

Related posts:

  • Almost one year later, U.S. Dermatology Partners is still not being very transparent about their 2024 breach
  • Black Basta exposed: A look at a cybercrime data leak and a key member, “Tramp”
  • CISA Advisory: #StopRansomware: Black Basta
  • Operation Anti Security Breakdown and targets, the full time line
Category: Breach IncidentsCommentaries and AnalysesHealth DataU.S.

Post navigation

← Everything old is new again? MCNA Dental allegedly suffers second big data breach of PHI
Indodax cryptocurrency exchange hack: 9B SHIB stolen in $20.5 mln heist →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Qantas customers involved in mammoth data breach
  • CMS Sending Letters to 103,000 Medicare beneficiaries whose info was involved in a Medicare.gov breach.
  • Esse Health provides update about April cyberattack and notifies 263,601 people
  • Terrible tales of opsec oversights: How cybercrooks get themselves caught
  • International Criminal Court hit with cyber attack during NATO summit
  • Pembroke Regional Hospital reported canceling appointments due to service delays from “an incident”
  • Iran-linked hackers threaten to release emails allegedly stolen from Trump associates
  • National Health Care Fraud Takedown Results in 324 Defendants Charged in Connection with Over $14.6 Billion in Alleged Fraud
  • Swiss Health Foundation Radix Hit by Cyberattack Affecting Federal Data
  • Russian hackers get 7 and 5 years in prison for large-scale cyber attacks with ransomware, over 60 million euros in bitcoins seized

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The Trump administration is building a national citizenship data system
  • Supreme Court Decision on Age Verification Tramples Free Speech and Undermines Privacy
  • New Jersey Issues Draft Privacy Regulations: The New
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.