Medical Specialty Practice Says Recent Hack Affects 224,500
Ransomware Operation Claims It Downloaded 2 Terabytes of Entity's Data
An upstate New York medical specialty practice told regulators that hackers compromised the personal and protected health information of nearly 224,500 employees and patients in an incident discovered in March.
RansomHouse lists the practice, Albany ENT & Allergy Services, on its dark web leak site. RansomHouse is a relatively new extortion gang that purportedly does not wield ransomware but may be a front for the White Rabbit ransomware operation. RansomHouse claims the practice's data was encrypted on March 23 and that hackers stole more than 2 terabytes of data.
Albany ENT and Allergy did not mention the alleged ransomware attack and data exfiltration in its breach report filed yesterday with the Maine state attorney general's office. The practice also did not immediately respond to Information Security Media Group's request for details about the incident.
In a sample breach notification letter, Albany ENT & Allergy said that on or about March 27, it became aware of "suspicious activity" on its computer network.
The practice on March 27 posted a message on its Facebook page informing patients that the practice was experiencing "technical difficulties" and would be unable to see patients until later that day.
In its breach notice, Albany ENT & Allergy said the forensics investigation into the incident determined that between March 23 and April 4 "an unauthorized actor may have had access to certain systems that stored personal and protected health information."
The practice said it is also reviewing its existing privacy and security policies and procedures, providing additional training to employees, and implementing additional safeguards to bolster the security of its data and systems.
As of Friday, the Albany ENT & Allergy incident did not yet appear on the U.S. Department of Health and Human Services' website listing health data breaches affecting 500 or more individuals.
RansomHouse has been implicated in other healthcare sector cyberattacks internationally. The government of Catalonia, Spain, in March blamed the RansomHouse ransomware operation for an attack that paralyzed Hospital Clinic de Barcelona, Barcelona's largest hospital system, for days (see: Breach Roundup: A Barcelona Hospital, AT&T and Hatch Bank).