Yesterday, Hive threat actors added Goodman Campbell Brain and Spine to their leak site, with a notice that they had encrypted the entity on May 20. They also provided some files as proof. But if Hive hoped this would pressure the multi-location medical entity, they seem to have misjudged their Indiana-based victim.
On the homepage of Goodman Campbell, site visitors will see a prominent notice:
Due to a recent cyber-attack, Goodman Campbell is experiencing a system outage – including its computer network and communications systems. Until our systems are fully restored, we are asking patients with urgent medical needs to call our main phone number 317-396-1300 to speak with an advanced practice provider from 8:00 a.m. – 4:00 p.m., Monday through Friday. We have established processes that permit us to care for our urgent patients until our systems are fully restored. We are committed to provide exceptional care to our patients, and will provide additional updates here as appropriate.
There is also a more detailed notice on their website that confirms that they were attacked on May 20, and explains, in part:
Though we have not yet been able to verify the full nature and extent of personal data that may have been compromised, initial analysis indicates that both Goodman Campbell patient and employee data has been accessed by an unauthorized party. The security of our patients’ and employees’ data is of the utmost importance, and we deeply regret that this attack on our systems occurred. When our investigation into the cyber-attack is complete, we will be reaching out via U.S. mail to those impacted patients and staff members.
They provide patients and employees with immediate advice about being vigilant and what they can do to protect themselves.
Having skimmed the data that Hive has already leaked, their advice would be well-taken. Not only has Hive already dumped internal information about the entity including passwords for important accounts, but it has also leaked personal and financial information on doctors, and information on named patients that include their diagnoses and procedures, with some insurance information.
Hive does not indicate on their listing how many GB or TB of files they may have accessed or acquired, but these threat actors have hit a number of medical entities and generally do get — and leak — a lot of protected health information and personal information of employees.