DataBreaches.net has continued to follow up on the ransomware attack on Missouri Delta Medical Center claimed by Hive threat actors. This site broke the story about the breach on September 12.
Several days ago, the listing for MDMC was removed from Hive’s leak site, despite the threat actors’ warnings that they were going to follow up by dumping more data. In light of the disappearance of the listing, this site reached out to MDMC again. This time, we received a response. The following statement was provided to this site by Sharon Urhahn, Director of Marketing:
Missouri Delta Medical Center’s computer systems were recently accessed by an unauthorized third party. We are working with a leading forensic security firm to investigate and determine the nature of the incident.
While this incident is not currently impacting our ability to provide care to our patients, we were recently notified that the unauthorized third party posted on their blog site some information that was purportedly taken from one of our servers. The investigation into the scope of the incident and the data potentially involved remains ongoing; however, based on the investigation to date, we have no indication that data in our main electronic medical record system is involved. We will provide additional information as appropriate based on our ongoing investigation. Additionally, we have notified law enforcement regarding the incident, and we will cooperate with any law enforcement investigation.
We apologize for any inconvenience this incident may have caused, and are taking steps to increase our security and reduce the risk of a similar incident occurring in the future. We remain focused on continuing to serve our community.
The statement does not reveal that there was any ransom demand, nor whether they paid any ransom. Nor does the statement indicate that HHS was notified or that patients have started to be notified, so there will undoubtedly be further updates to this incident.