DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

In the midst of restructuring, Guardian Healthcare hit by ransomware attack

Posted on November 8, 2024November 8, 2024 by Dissent

A recent article on the cybersecurity risks posed by mergers and acquisitions begins:

When companies merge, it creates significant cybersecurity challenges in two main ways: firstly, challenges arise in integrating disparate security infrastructures, and secondly, an M&A transaction brings together diverse organizational cultures which presents its own challenges from a cyber perspective. Yet the limited involvement of IT and cybersecurity within M&A teams can lead to cybersecurity considerations taking a back seat early in the process, potentially resulting in unforeseen vulnerabilities and risks.

Guardian Healthcare in Pennsylvania was going through restructuring when they became the victim of a ransomware attack by someone using Stormous ransomware. And when they didn’t pay the threat actors’ demands by mid-October, Stormous leaked 3 GB of files, many of which contain protected health information (PHI) of patients. The leak does not appear to include the EMR system or entire databases, but it does include a lot of individual files with sensitive information — files that appear to trigger notification requirements under HIPAA.

Finding nothing on Guardian Healthcare’s website that indicated they were aware of any breach or were responding to it, DataBreaches reached out to them via email on Wednesday. DataBreaches asked them if they were aware of the apparent breach, and if so, what were they doing in response. In case they were not aware they had been breached, the email included a link to the data tranche and some text from some of the files.

Guardian Healthcare did not reply, but DataBreaches asked Stormous some questions about the incident. One of the questions this site posed was whether Guardian had been targeted because it was undergoing restructuring and might be more vulnerable to attack. The spokesperson for Stormous was unable to answer that, saying, “Perhaps it’s not about that, or it depends on the concept or approach of the person affiliated with our RaaS.” In other words, they did not know why the affiliate targeted Guardian. But the spokesperson did say that the affiliate first gained access to several accounts through Office, impersonating accounts to target a list of key employees there or in groups that had been created by Guardian.

“Some accesses were successful while others failed, and 7GB of data was extracted, with 3GB being somewhat important and subsequently leaked,” the spokesperson told DataBreaches. They added that Guardian did know about the breach and there was some contact with them, “but they did not respond significantly to the incident, so the final solution was to leak the data.”

Stormous also confirmed that Guardian’s files were encrypted during the attack.

Does Guardian have usable backups, or has some patient data been corrupted or lost because of the attack? We do not know because Guardian has not issued any statement or preliminary notice about the incident. And of course, the affected patients likely have no idea that their data has been publicly leaked.

DataBreaches will update this post if more information becomes available.

Category: Health DataMalwareU.S.

Post navigation

← Germany drafts law to protect researchers who find security flaws
Still in the dark: A “500 marker” is updated, but too many still aren’t. Is HHS doing anything about this?? →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • CoinMarketCap Hacked, Scrambles to Remove Malicious Wallet Verification Popup
  • Montana Attorney General launches investigation into Lee Enterprises data breach
  • AT&T gets preliminary approval for $177 million data breach settlement
  • Aflac notifies SEC of breach suspected to be work of Scattered Spider
  • Former JBLM soldier pleads guilty to attempting to share military secrets with China
  • No, the 16 billion credentials leak is not a new data breach — a wake-up call about fake news (Updated)
  • Tonga’s health system hit by cyberattack (1)
  • Russia Expert Falls Prey to Elite Hackers Disguised as US Officials
  • Proposed class action settlement in In re Netgain Technology litigation
  • Qilin Offers “Call a lawyer” Button For Affiliates Attempting To Extort Ransoms From Victims Who Won’t Pay

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The Markup caught 4 more states sharing personal health data with Big Tech
  • Privacy in the Big Sky State: Montana’s Consumer Privacy Law Gets Amended
  • UK Passes Data Use and Access Regulation Bill
  • Officials defend Liberal bill that would force hospitals, banks, hotels to hand over data
  • US Judge Invalidates Biden Rule Protecting Privacy for Abortions
  • DOJ’s Data Security Program: Key Compliance Considerations for Impacted Entities
  • 23andMe fined £2.31 million for failing to protect UK users’ genetic data

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.