• About
  • Advertise
  • Careers
  • Contact
Saturday, March 25, 2023
No Result
View All Result
NEWSLETTER
Cyber360 News
  • Home
  • Security
  • Data Breach
  • Cyber Attacks
  • Cyber Security
  • Cyber Crime
  • Contact Us
  • Home
  • Security
  • Data Breach
  • Cyber Attacks
  • Cyber Security
  • Cyber Crime
  • Contact Us
No Result
View All Result
Cyber360 News
No Result
View All Result
Home Data Breach

Med group’s breach disclosure claims SSNs unaffected; leaked docs suggest otherwise

by Cyber360 News
April 2, 2020
in Data Breach
0
Med group’s breach disclosure claims SSNs unaffected; leaked docs suggest otherwise
0
SHARES
0
VIEWS
Share on FacebookShare on Twitter

The Affordacare Urgent Care Clinic, a network of medical providers based in Texas, has officially confirmed a combination data breach-ransomware attack that exposed sensitive information. The company is claiming that social security numbers were not impacted in the incident, despite security experts having demonstrated that the attackers have published stolen documents containing patients’ and employees’ SSNs.

The attack, which took place around Feb. 1, has been attributed to the Maze ransomware group, and was originally reported several weeks ago by Databreaches.net. On Tuesday, the Abilene Reporter News reported that the company, which operates five locations across West Texas, has since notified patients of the breach by letter. The report also cites a press release — which SC Media has so far been unable to obtain — in which the company states that it first learned of the incident on Feb. 4.

Affordacare also has set up an FAQ page, which says affected information includes patient name, address, telephone number, date of birth, age, date of visit, location of visit, reason for visit, insurance plan provider, insurance plan policy number, insurance group number, treatment codes and descriptions, and health care provider comments.

“However, this incident did not affect your electronic health records, labs, Social Security number or any personal payment information,” the FAQ page asserts. “The majority of your health care records are stored securely in an electronic health record system that is cloud-based. The EHR was not affected by this incident.”

But upon reporting the incident several weeks ago, DataBreaches.net published a sample of an anonymized employee’s stolen W4 form that included a Social Security number. Also, yesterday evening, Brett Callow, threat analyst at Emsisoft, sent SC Media an email containing another example — a patient’s release of medical records that clearly includes a written social security number.

Additionally, Callow sent SC Media additional documents posted on the Maze site, which appear to consists of detailed customer payment records, as well as filled-out health forms that — even if they did not come from the cloud-based electronic health record system — appear to at the very least contain protected health information.

Maze attackers typically begin publishing documents such as these on its public doxxing website if they do not receive an extortion payment from victims whose files have been encrypted and exfiltrated.

The FAQ page also does not appear to acknowledge employee data was affected, even though DataBreaches.net had previously reported that worker compensation documentation and employee payroll information were impacted. Callow also said that he found the resumes of job applicants among Maze’s data stash.

SC Media has reached out to Affordacare for comment and clarification on its various claims about the affected information.

Meanwhile, Databreaches.net has also reported that it observed a post on a Russian-language forum suggesting that Advanced Urgent Care of the Florida Keys also suffered a data exfiltration attack. The culprits behind this incident are unknown, and the Maze group reportedly denied involvement.

On its FAQ page, Affordacare says it responded to the incident by contacting federal and local law enforcement, implementing “additional safeguards to improve data security,” identifying and removing the vulnerability exploited by the attackers, and offering a year of free credit monitoring and identify theft monitoring.

Cyber360 News

Cyber360 News

Next Post
Microsoft issues targeted notification to hospitals vulnerable to Ransomware attacks

Microsoft issues targeted notification to hospitals vulnerable to Ransomware attacks

Recent Posts

Twitch’s Entire Critical Data Leaked, Includes Streamer Earnings, Source Code

Twitch’s Entire Critical Data Leaked, Includes Streamer Earnings, Source Code

October 6, 2021
Former U.S. Security Firm Helped The UAE Carry Out “Karma” iMessage Hack: MIT Tech Review

Former U.S. Security Firm Helped The UAE Carry Out “Karma” iMessage Hack: MIT Tech Review

October 1, 2021
Facing “This App Has Been Blocked For Your Protection” Issue? Here’s How You Can Fix It

Facing “This App Has Been Blocked For Your Protection” Issue? Here’s How You Can Fix It

October 1, 2021

Whats New in Kali Linux?

September 14, 2021

Kali Linux 2019.3 Release (CloudFlare, Kali-status, metapackages, Helper-Scripts & LXD)

September 14, 2021

Kali Linux 2021.3 Release (OpenSSL, Kali-Tools, Kali Live VM Support, Kali NetHunter Smartwatch)

September 14, 2021

Kali Linux 2018.4 Release

September 14, 2021

Kali Linux 1.0.5 and Software Defined Radio

September 14, 2021

Kali Tools Website Launched, 1.0.9 Release

September 14, 2021

Kali Linux Dojo at Black Hat Vegas 2016

September 14, 2021

Category

Site Links

  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org

About Us

We bring you the best Premium WordPress Themes that perfect for news, magazine, personal blog, etc. Check our landing page for details.

© 2019 Cyber360 News - Powered by WebSensePro

No Result
View All Result
  • Home
  • Security
  • Data Breach
  • Cyber Attacks
  • Cyber Security
  • Cyber Crime
  • Contact Us

© 2019 Cyber360 News - Powered by WebSensePro

Login to your account below

Forgotten Password?

Fill the forms bellow to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In