DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Everything old is new again, part 2: Was U.S. Dermatology Partners hit twice within months?

Posted on September 16, 2024September 16, 2024 by Dissent

Earlier today, DataBreaches reported that MCNA Dental allegedly suffered a cyberattack involving patient data. According to the threat actor who claimed responsibility for the attack (Everest Ransom Team), this incident was totally unrelated to a February 2023 ransomware attack by LockBit that was supposedly leaked in April 2023. In May 2023, MCNA Dental reported that the February attack affected 8,923,662 people, of whom 8,861,076 were patients. In the newer incident, Everest Ransom Team claims that approximately 1 million patient records are involved.

MCNA has yet to respond to an email inquiry from DataBreaches about the newest incident. But MCNA isn’t the only entity that appears to have suffered a second attack recently. U.S. Dermatology Partners, who allegedly was breached by BianLian earlier this year and had 300 GB of their files leaked in August, now has allegedly had 1.8 TB of files leaked by Black Basta.

Although BianLian’s listing from June 2024 did not claim to include any patient data, the filelist for the data tranche did indicate that protected health information (PHI) was involved. DataBreaches did not download or inspect the entire data tranche.

Black Basta’s leak post also makes no mention of patient data, but inspection of its data tranche revealed that there is a lot of PHI in the newest leak.

But is the data in Black Basta’s leak the same as what BianLian leaked? Looking at some of the Black Basta leak, it appears the last date stamp for some files was June 18 or June 19, 2024. This would be consistent with BianLian’s incident and timeframe. But are they the same files?  DataBreaches spot-checked some of the files date-stamped June 18, but didn’t find them in the BianLian data leak.

Did Black Basta just access more data than BianLian had accessed? Did both groups purchase the same access from a third party? One of the things DataBreaches noticed was that files in the Black Basta leak with logins and passwords were date-stamped June 18. If U.S. Dermatology Partners had changed their logins, those credentials should not have been in the Black Basta tranche. Did they fail to change credentials by the time Black Basta accessed them, or is there some other reason?

DataBreaches submitted inquiries to both Black Basta and U.S. Dermatology Partners but has received no replies by publication. DataBreaches had previously sent inquiries to U.S. Dermatology Partners on August 27 about the BianLian attack. They had not replied at all to that one and no report appears on HHS’s public breach tool for that incident. This post may be updated if more information becomes available.

The post was updated at 7:12 pm to note that U.S. Dermatology Partners never replied to an earlier inquiry from DataBreaches about the BianLian incident, and that incident does not appear to have been reported to HHS yet. 

Category: Breach IncidentsCommentaries and AnalysesHealth DataU.S.

Post navigation

← Everything old is new again? MCNA Dental allegedly suffers second big data breach of PHI
Indodax cryptocurrency exchange hack: 9B SHIB stolen in $20.5 mln heist →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • WestJet investigates cyberattack disrupting internal systems
  • Plastic surgeons often store nude photos of patients with their identity information. When would we call that “negligent?”
  • India: Servers of two city hospitals hacked; police register FIR
  • Ph: Coop Hospital confirms probe into reported cyberattack
  • Slapped wrists for Financial Conduct Authority staff who emailed work data home
  • School Districts Unaware BoardDocs Software Published Their Private Files
  • A guilty plea in the PowerSchool case still leaves unanswered questions
  • Brussels Parliament hit by cyber-attack
  • Sweden under cyberattack: Prime minister sounds the alarm
  • Former CIA Analyst Sentenced to Over Three Years in Prison for Unlawfully Transmitting Top Secret National Defense Information

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Anne Wojcicki Wins Bidding for 23andMe
  • Would you — or wouldn’t you?
  • New York passes a bill to prevent AI-fueled disasters
  • Synthetic Data and the Illusion of Privacy: Legal Risks of Using De-Identified AI Training Sets
  • States sue to block the sale of genetic data collected by DNA testing company 23andMe
  • AI tools collect and store data about you from all your devices – here’s how to be aware of what you’re revealing
  • 23andMe Privacy Ombudsman Urges User Consent Pre-Data Sale

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.