DataBreaches should no longer be surprised to see threat actors claim to have hundreds of GB of files from medical entities, but it’s still concerning that entities can have so much data accessed and exfiltrated and yet not detect the attack.
For today’s example, we point to Physicians Medical Billing, which was added to LockBit3.0’s leak site this week.
According to the Physicians Medical Billing, Inc. website, PMB is a “full-service medical billing and accounts receivable management firm” that is headquartered in Maryland. Its website has no email contact, no privacy policy, no mention of HIPAA, and nothing about security or how to contact it about any data security concern(s).
A search for employee reviews of working at PMB uncovered a somewhat surprising comment. One former employee who gave it a 1-star (poorest) rating in October 2023 wrote, in part, “Everyday is different. You never know what to expect. Federal agents came and seized IT HARDWARE.” If that is true, DataBreaches would love to know when and why their IT hardware was seized.
For its part, LockBit posted a number of screenshots as proof of its claims. The group also claims to have acquired a total data volume of 850 GB. Whether that is true will only become clear if and when LockBit leaks all the data it claims to have. As of publication, however, Physicians Medical Billing has nothing on its website to indicate any breach or anything amiss.