Retreat Behavioral Health (RBH) has addiction treatment facilities in Florida, Pennsylvania, and Connecticut. On July 1, 2022, they reportedly detected a ransomware attack. Letters were sent out this week, but because Massachusetts actually prohibits entities from providing important details in notifications to consumers, there’s a lot we don’t know about this incident yet. Specifically, the…
Category: Breach Incidents
Bits ‘n Pieces (Trozos y Piezas)
BR: Monte Cristalina claimed by LockBit3.0 On December 19, Monte Cristalina S.A. was added to LockBit3.0’s leak site. The group claims to have 135GB of information about the holding company, and has already uploaded some data as proof. Access to Monte Cristalina’s website has been blocked, and we have found no acknowledgement or confirmation by…
NC: Monarch notifies HHS of breach, but where are the details and notice?
On September 1, a listing on a dark web site by a group calling themselves Don#t_Leaks named MonarchNC as a victim. The listing did not appear for long. The only “proof” offered at the time was a filetree and a screencap of what might be an index of an inbox showing monarchnc.org domain in email…
Attack on the Azienda Ospedaliera di Alessandria hospital: additional details on the case
Marco A. De Felice prefaces his reporting on a Ragnar_Locker attack with this message: For ethical reasons we did not want to spread the news of the attack on the hospital’s IT infrastructure before the news became public knowledge. Indeed, on December 20, SuspectFile had already become aware of the ransom note written by the…
Counsel for alleged member of ShinyHunters tries a legal “Hail Mary” play to block extradition
Since May 31, French national Sebastien Raoult has been detained in Morocco while the U.S. seeks his extradition to the U.S. to face charges he allegedly engaged in criminal activities with ShinyHunters. On December 26, the Moroccan court of cassation ruled that yes, he would be extradited. After exhausting all appeals to the French government…
Updating Scripps Health ransomware incident: litigation settlement
Dorian Hargrove of CBS reports that Scripps Health has agreed to pay more than $3.5 million dollars to victims of a ransomware attack in 2021 that compromised the personal information of more than one million patients. More than 1 million patients? At the time, Scripps had reported that it was notifying 147,267 patients, and that…