Marco A. De Felice reports:
The American Renal Associates (now known as Innovative Renal Care), with over 230 locations across the United States, has become the latest victim in the clinical-hospital sector of a ransomware attack. Recently, the Medusa group has made thousands of PHI and PII data stolen from the company’s servers on March 2nd publicly available on their website within the Tor networks.
[…]
The file tree remains accessible on the Medusa group’s website, consisting of over 200,000 rows of filenames, some of which date back to documents nearly 15 years old. These files include administrative documents, driver’s licenses, passports, and social security numbers (SSNs).
Read more at SuspectFile.
Medusa’s spokesperson informs DataBreaches that they not only exfiltrated data but they also locked ARA’s files.
A search of HHS’s public breach tool does not reveal any report by the entity as of publication and there is no notice on Innovative Renal Care’s website.
DataBreaches sent an inquiry to Innovative Renal Care, asking about their response to the attack, but no reply has been received by publication.
Innovative Renal Care’s website is still silent on this breach and SuspectFile’s news is almost a week old. I suppose the company is investigating…
Suspect File will be doing an update on that one at some point. The threat actor has shared more data with him and it shows many more patients than Suspect File previously got to inspect. So yes, ARA has their work cut out for them.