Marco A. De Felice prefaces his reporting on a Ragnar_Locker attack with this message: For ethical reasons we did not want to spread the news of the attack on the hospital’s IT infrastructure before the news became public knowledge. Indeed, on December 20, SuspectFile had already become aware of the ransom note written by the…
Category: Health Data
CommonSpirit Gets Restraining Order in Missing Patient Info Suit (UPDATED)
Holly Barker reports: CommonSpirit Health, one of the country’s largest nonprofit health systems, convinced a federal judge in Texas to order a medical technology vendor to return hundreds of thousands of medical records it was sent to archive. The US District Court for the Northern District of Texas’s order directs Emerge Clinical Solutions LLC to…
Updating Scripps Health ransomware incident: litigation settlement
Dorian Hargrove of CBS reports that Scripps Health has agreed to pay more than $3.5 million dollars to victims of a ransomware attack in 2021 that compromised the personal information of more than one million patients. More than 1 million patients? At the time, Scripps had reported that it was notifying 147,267 patients, and that…
Updating the Lake Charles Memorial Health System data breach
On Oct. 25, the Hive ransomware team notified Lake Charles Memorial Health System that they had been in their system for 12 days and had exfiltrated 270 GB of the hospital, employee, and patient data. As Hive informed the health system and DataBreaches, Hive had exfiltrated data but not locked it. They demanded $900,000 to…
“No need to hack when it’s leaking:” the “Here’s how you get a HIPAA complaint” edition
So… regular readers know that DataBreaches has occasionally reported on data security incidents in the healthcare sector that involved leaks due to misconfigurations of GitHub repositories, storage buckets, open directories, etc. Not all of this site’s attempts to disclose leaks responsibly have gone smoothly, as described in a collaborative paper written with Dutch researcher Jelle…
St. Rose Hospital patient data appears on hacking forum (UPDATE1)
On December 20, a listing appeared on a popular forum that offered documents allegedly from St. Rose Hospital in Hayward, California. The listing was not a sales listing but rather a “demo data pack” listing of what was described as documents from a leak. The total leak allegedly contains 1.7 TB of files with: Financial…