ES: HLA Grupo Hospitalario data listed for sale after web server misconfiguration
On March 14, a forum user on BreachForums listed data from the HLA Grupo Hospitalario in Spain for sale. The listing advertised 45,000 patient records and information on 1,600 doctors, with samples provided of each.
HLA Grupo Hospitalario is owned by Asisa, which has 18 hospitals and 17 centers located in different cities of Spain.
In private messages, the forum user provided DataBreaches with additional details. They claim the data were obtained from a misconfigured web server on March 10 and that they are asking $300 for all of the data, but the price is “obv tradable” (negotiable).
When contacted by Cronica Global, Asisa stated that they had activated a security alert and were studying the matter. However, they could not confirm the theft of data nor its supposed scope. DataBreaches sent an email inquiry to HLA Grupo Hospitalario asking for their response to the situation and claims, but received no reply.
CO: Schrader Camargo Named By LockBit
Schrader Camargo offers EPC services (Engineering, Procurement and Construction) services. Their name was added as a claimed victim on the LockBit3.0 leaks page on March 11, with some samples. LockBit has not leaked data other than samples so far, but claims to have about 267GB of data.
No notification of any incident appears on the firm’s website or on social networks, and there has been no reply to an email sent to them on March 16.
AR: CEOSP Suffers Cyberattack
La Cooperativa de Electricidad Obras y Servicios Públicos de San Antonio de Areco (CEOSP) posted a notice yesterday on Facebook about an incident:
In translation, the notice says, in part:
We inform you that on Friday, March 17, the CEOSP will remain closed due to problems with our servers. The technical staff of the cooperative is working since Sunday morning to solve this situation as soon as possible.
However, our claims guard will function normally. In case of any electrical inconvenience you can call 452525.
At the same time, we ask the community to make responsible use of electricity.
We apologize for the inconvenience caused.
Media outlet Boscoproducciones obtained some details about the type of incident:
Martin Rigassi … said that after opening an email, a virus entered the entire computer system, all the computers that were hooked up. Because of this, from now on they cannot enter any machine and whoever is behind this (they still don’t know or can locate the IP) is asking them for money in exchange for returning all the files, all the information that our city’s electricity cooperative has had for years.”
CEOSP has not replied to an email inquiry sent yesterday about the situation.
PR: Autoridad de Acueductos y Alcantarillados Confirms Ransomware Attack
Autoridad de Acueductos y Alcantarillados (AAA) is a public entity in charge of managing the quality, management and supply of drinking water in Puerto Rico. AAA has confirmed to Vocero that they suffered a ransomware attack on March 13. The attack has reportedly affected AAA’s electronic customer service systems.
Arnaldo Jimenez Acevedo, Vice President of AAA’s strategic planning, said, “Certainly the agency suffered what is known as a cyberattack on Monday morning. Our system, a robust system, protected itself as part of the established processes and that happened around 6:37 in the morning.”
There has been no statement about who the threat actor(s) are, but AAA has indicated it will not pay any ransom to restore access because there is no indication that employee or customer data has been affected.
Editing by Dissent.