DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Carolina Arthritis hit by ThreeAm ransomware attack

Posted on October 25, 2024 by Dissent

On Thursday morning, ThreeAM added Carolina Arthritis to its leak site. Some ransomware groups add a listing, post some claims and a few screencaps, and then give the entity a deadline to pay up, or they leak a bit of data and then give the entity a final deadline. ThreeAM doesn’t seem to work that way. Within hours of posting the listing with a note that files would follow soon, they leaked all of the data they had exfiltrated from the medical practice.

A listing by ThreeAM indicates that data exfiltrated from Carolina Arthritis was dumped on October 24. Image: DataBreaches.net

ThreeAM provided DataBreaches with some additional details about the incident, including a file list showing what was exfiltrated. They also told DataBreaches that the attack was on September 27 and that they had encrypted the medical practice’s files.

In response to a query about how much data they acquired, their spokesperson responded that a lot of documents that should be protected under HIPAA were uploaded. The protected health information (PHI) included personal information (including that of one of the physicians), medical histories, medical records, test results, and more.

DataBreaches asked whether there had been any response from Carolina Arthritis to ThreeAM’s demands or any negotiations. ThreeAM replied that there had been some negotiation with Dr. Harris, but it turned out to be a waste of their time. They decrypted a few files as proof of their ability to decrypt files, and when Dr. Harris reportedly asked them to extend the timer to pay, ThreeAM claims they agreed to give them more time. But Dr. Harris reportedly never made any counteroff to their demand, only asking that they be “more reasonable,” because they didn’t have the money to meet the threat actors’ demands. That response did not sit well with ThreeAm, it seems, as they had found the doctor’s retirement account statement in the files and could see that the doctor had a very hefty retirement balance. (ThreeAM did not reveal the amount of their initial demand, and DataBreaches is not revealing the bank statement showing the doctor’s retirement account, a copy of which was provided to this site).

Inspection of the file list provided to DataBreaches revealed that there were many internal business records on Carolina Arthritis’s Z: drive, including some employee data such as payroll, tax information, 401k, and other benefits information. Much of it went back years, but since SSN and other identity information may not change, people will have to be notified. The internal documents also contained a number of files with computer usernames and passwords. DataBreaches hopes that none of it is current data and that the practice didn’t reuse passwords or they may have another big item on their incident response to-do list.

More than 20 years of files will have to be reviewed to figure out who needs to be notified and what types of information were involved for them.

Carolina Arthritis did not respond to inquiries submitted via its site yesterday morning. Nor did it respond to inquiries submitted yesterday afternoon asking whether the attack had impacted patient care at all and if they had a usable backup for any patient files that may have been encrypted. While  it does not appear that ThreeAM accessed the EMR system, even old scanned files can be important in patient care to compare how a patient was doing years ago to how they are doing now.

This post will be updated if Carolina Associates replies or more information becomes available.

No related posts.

Category: Health DataMalwareU.S.

Post navigation

← Indian court tells Star Health to share details of leak so Telegram can delete chatbots
American creating deepfakes targeting Harris works with Russian intel, documents show →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Kentfield Hospital victim of cyberattack by World Leaks, patient data involved
  • India’s Max Financial says hacker accessed customer data from its insurance unit
  • Brazil’s central bank service provider hacked, $140M stolen
  • Iranian and Pro-Regime Cyberattacks Against Americans (2011-Present)
  • Nigerian National Pleads Guilty to International Fraud Scheme that Defrauded Elderly U.S. Victims
  • Nova Scotia Power Data Breach Exposed Information of 280,000 Customers
  • No need to hack when it’s leaking: Brandt Kettwick Defense edition
  • SK Telecom to be fined for late data breach report, ordered to waive cancellation fees, criminal investigation into them launched
  • Louis Vuitton Korea suffers cyberattack as customer data leaked
  • Hunters International to provide free decryptors for all victims as they shut down (2)

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • German court awards Facebook user €5,000 for data protection violations
  • Record-Breaking $1.55M CCPA Settlement Against Health Information Website Publisher
  • Ninth Circuit Reviews Website Tracking Class Actions and the Reach of California’s Privacy Law
  • US healthcare offshoring: Navigating patient data privacy laws and regulations
  • Data breach reveals Catwatchful ‘stalkerware’ is spying on thousands of phones
  • Google Trackers: What You Can Actually Escape And What You Can’t
  • Oregon Amends Its Comprehensive Privacy Statute

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.