DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

BlackCat adds a community behavioral health center in Alabama to its leak site (UPDATED)

Posted on July 15, 2023 by Dissent

AlphV (aka BlackCat) threat actors have added Highland Health Systems in Alabama to their leak site.

As proof of claims, they have leaked a number of files with employee and patient data or information, including part of a psychiatric intake form with a narrative from 2008. Other files are more current.

Highland Health Systems is part of the Behavioral Healthcare Alliance of Alabama. As part of its services, it provides treatment for those with substance abuse problems. The image below contains information on clients in a co-occurring substance abuse program:

As proof of access to Highland Health System’s network, BlackCat leaked files, including this one with ClientID, first and last name, whether the client had dependent children (Y/N), what substance they were abusing, how the substance was ingested (oral, smoking, injection), and if there was a second substance also being abused, what type of substance. Redacted by DataBreaches.net

BlackCat’s message claims that they have patient logs, mental health records, SSNs, drivers licenses, and employee passwords.

“Juicy data will be listed on darkent marketplace within 5 days. Other data (1.8TB) will be published within 5 days,” they write.

Of special note, they claim they will be contacting all patients and employees by phone and offering them the opportunity to pay to have their data removed from public leaks or darknet sales.

While it is not the first time threat actors have contacted patients directly to offer them the opportunity to pay to get their data removed, this is the second time in recent weeks DataBreaches has observed this being used when sensitive patient data is involved.

“HHS you still have some time to resolve the issue. CEO is welcome to chat with us,” they end their message.

DataBreaches sent a contact form inquiry to Highland asking about their incident response, but no reply was immediately available.

UPDATE:  On Sunday, AlphV removed the Highland listing from their leak site. When I inquired why, their spokesperson told me the attack had violated their prohibition against attacking non-profits.

When DataBreaches asked whether the individual had the data and could try to extort Highland on their own, AlphV’s spokesperson replied that we didn’t have to worry about that as the individual didn’t have the data.

 

Related posts:

  • “BlackCat” attempts to up the pressure on Suffolk County; starts to leak data?
  • Two California plastic surgery practices suffer cyberattacks and embarrassing patient data leaks
  • “Without Undue Delay,” Part 2
  • Blackcat may be gone, but recovery from its attacks is not over
Category: HackHealth DataU.S.

Post navigation

← Eleventh Circuit Requests Refined Class Definition For Data Breach Class Action
TX: City of Odessa dealing with data breach →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • National Health Care Fraud Takedown Results in 324 Defendants Charged in Connection with Over $14.6 Billion in Alleged Fraud
  • Swiss Health Foundation Radix Hit by Cyberattack Affecting Federal Data
  • Russian hackers get 7 and 5 years in prison for large-scale cyber attacks with ransomware, over 60 million euros in bitcoins seized
  • Bolton Walk-In Clinic patient data leak locked down (finally!)
  • 50 Customers of French Bank Hit by Insider SIM Swap Scam
  • Ontario health agency atHome ordered to inform 200,000 patients of March data breach
  • Fact-Checking Claims By Cybernews: The 16 Billion Record Data Breach That Wasn’t
  • Horizon Healthcare RCM discloses ransomware attack in December
  • Disgruntled IT Worker Jailed for Cyber Attack, Huddersfield
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The Trump administration is building a national citizenship data system
  • Supreme Court Decision on Age Verification Tramples Free Speech and Undermines Privacy
  • New Jersey Issues Draft Privacy Regulations: The New
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.