DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

In the midst of restructuring, Guardian Healthcare hit by ransomware attack

Posted on November 8, 2024November 8, 2024 by Dissent

A recent article on the cybersecurity risks posed by mergers and acquisitions begins:

When companies merge, it creates significant cybersecurity challenges in two main ways: firstly, challenges arise in integrating disparate security infrastructures, and secondly, an M&A transaction brings together diverse organizational cultures which presents its own challenges from a cyber perspective. Yet the limited involvement of IT and cybersecurity within M&A teams can lead to cybersecurity considerations taking a back seat early in the process, potentially resulting in unforeseen vulnerabilities and risks.

Guardian Healthcare in Pennsylvania was going through restructuring when they became the victim of a ransomware attack by someone using Stormous ransomware. And when they didn’t pay the threat actors’ demands by mid-October, Stormous leaked 3 GB of files, many of which contain protected health information (PHI) of patients. The leak does not appear to include the EMR system or entire databases, but it does include a lot of individual files with sensitive information — files that appear to trigger notification requirements under HIPAA.

Finding nothing on Guardian Healthcare’s website that indicated they were aware of any breach or were responding to it, DataBreaches reached out to them via email on Wednesday. DataBreaches asked them if they were aware of the apparent breach, and if so, what were they doing in response. In case they were not aware they had been breached, the email included a link to the data tranche and some text from some of the files.

Guardian Healthcare did not reply, but DataBreaches asked Stormous some questions about the incident. One of the questions this site posed was whether Guardian had been targeted because it was undergoing restructuring and might be more vulnerable to attack. The spokesperson for Stormous was unable to answer that, saying, “Perhaps it’s not about that, or it depends on the concept or approach of the person affiliated with our RaaS.” In other words, they did not know why the affiliate targeted Guardian. But the spokesperson did say that the affiliate first gained access to several accounts through Office, impersonating accounts to target a list of key employees there or in groups that had been created by Guardian.

“Some accesses were successful while others failed, and 7GB of data was extracted, with 3GB being somewhat important and subsequently leaked,” the spokesperson told DataBreaches. They added that Guardian did know about the breach and there was some contact with them, “but they did not respond significantly to the incident, so the final solution was to leak the data.”

Stormous also confirmed that Guardian’s files were encrypted during the attack.

Does Guardian have usable backups, or has some patient data been corrupted or lost because of the attack? We do not know because Guardian has not issued any statement or preliminary notice about the incident. And of course, the affected patients likely have no idea that their data has been publicly leaked.

DataBreaches will update this post if more information becomes available.

No related posts.

Category: Health DataMalwareU.S.

Post navigation

← Germany drafts law to protect researchers who find security flaws
Still in the dark: A “500 marker” is updated, but too many still aren’t. Is HHS doing anything about this?? →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Russia Jailed Hacker Who Worked for Ukrainian Intelligence to Launch Cyberattacks on Critical Infrastructure
  • Kentfield Hospital victim of cyberattack by World Leaks, patient data involved
  • India’s Max Financial says hacker accessed customer data from its insurance unit
  • Brazil’s central bank service provider hacked, $140M stolen
  • Iranian and Pro-Regime Cyberattacks Against Americans (2011-Present)
  • Nigerian National Pleads Guilty to International Fraud Scheme that Defrauded Elderly U.S. Victims
  • Nova Scotia Power Data Breach Exposed Information of 280,000 Customers
  • No need to hack when it’s leaking: Brandt Kettwick Defense edition
  • SK Telecom to be fined for late data breach report, ordered to waive cancellation fees, criminal investigation into them launched
  • Louis Vuitton Korea suffers cyberattack as customer data leaked

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • On July 7, Gemini AI will access your WhatsApp and more. Learn how to disable it on Android.
  • German court awards Facebook user €5,000 for data protection violations
  • Record-Breaking $1.55M CCPA Settlement Against Health Information Website Publisher
  • Ninth Circuit Reviews Website Tracking Class Actions and the Reach of California’s Privacy Law
  • US healthcare offshoring: Navigating patient data privacy laws and regulations
  • Data breach reveals Catwatchful ‘stalkerware’ is spying on thousands of phones
  • Google Trackers: What You Can Actually Escape And What You Can’t

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.