Medusa has struck another medical entity. This time, it is Pulse Urgent Care Center. According to its website, Pulse Urgent Care Center offers a range of services that includes urgent care, clinical medicine, women’s health, workers’ compensation, and employer services. Its headquarters is in Redding, California. It also has a location in Red Buff, California.
As SuspectFile reports, Medusa published some proof of claims with a file tree that includes over 127,000 lines of data in text format. The exfiltrated data reportedly includes:
- Patient medical records: Details including diagnoses, treatments received, and test results.
- Administrative data: Business-related information concerning the internal management of the healthcare provider.
- Insurance data: Information regarding patient health insurance policies, including coverage details and benefits.
- Provider list: Data regarding doctors and healthcare professionals, including their names, DEA and license numbers, and NPI numbers.
- Provider Record Update Forms: Documents used to update data on healthcare providers.
- Employer Contact and Billing Information Forms: Details on how to contact employers and handle billing.
- Login credentials: Stolen usernames and passwords for the website of Rapid Radiology, Inc., a U.S. company specializing in teleradiology.
Medusa’s listing for the incident indicated that the financial demand was $120,000 in BTC to either download all the data or delete it all.
Read more at SuspectFile.
As of publication, there is nothing on Pulse Urgent Care Center’s website that indicates anything is amiss. SuspectFile reports that they did not respond to an inquiry that site sent. DataBreaches has also sent an inquiry via the on-site contact form asking how they are responding to the claimed attack and whether patient care has been impacted. No reply has been immediately available. At the present time, though, Pulse Urgent Care Center has neither confirmed nor denied the claimed attack.