Here’s your weekly #databreach news roundup:

Logan Health, Four Healthcare Providers, Scenic Group, State Bar of California, and Conti ransomware.

Logan Health

Logan Health Medical Center recently notified 213,543 patients, employees and business associates that their personal and health data was possibly accessed, after a sophisticated cyberattack on its IT systems led to the hack of a file server containing protected health information.

On Nov. 22, the Montana provider responded to suspicious activity and “evidence of unauthorized access” to one of the eight file servers used for business operations. An investigation revealed certain files were subjected to unauthorized access, including employee PHI. The electronic medical record was not affected by the security incident.

The compromised data varied by individual and could include names, Social Security numbers, dates of birth, contact information, and email addresses. All impacted individuals will receive a year of identity monitoring services.

Four Healthcare Providers

Four healthcare providers across the country have recently reported ransomware attacks, which have collectively resulted in the exposure and potential theft of the protected health information of more than 49,000 individuals.

Jax Spine & Pain Centers

Jax Spine and Pain Centers in Jacksonville, FL has recently announced it was the victim of a ransomware attack that occurred on January 24, 2022. The attack was conducted on an inactive server that contained records of patients who had visited either its Jacksonville or St. Augustine locations prior to May 2018.

Extend Fertility

Extend Fertility, a New York City fertility clinic, has recently notified 10,373 patients that some of their protected health information has potentially been obtained by unauthorized individuals as a result of a ransomware attack that was detected on December 20, 2022.

Spine Diagnostic & Pain Treatment

Spine Diagnostic & Pain Treatment in Louisiana appears to have been the victim of a Conti ransomware attack. According to Databreaches.net, 3,351 files containing patient information have been uploaded to the Conti gang’s data leak site, which the Conti gang claims represents around 30% of the exfiltrated files. Around 4 GB of data was uploaded to the leak site and the files contained a selection of data including scanned driver’s licenses, patient records, insurance billing information, and other PHI.

La Posada at Park Centre

La Posada at Park Centre, a retirement community in Sahuarita, AZ, has recently notified 812 individuals that some of their protected health information was exposed and potentially compromised in a cyberattack that occurred on December 10, 2021. La Posada said “a software virus” was downloaded onto its systems that prevented staff from accessing files and email. Assisted by third-party forensics experts, La Posada determined on January 24, 2022, that the attackers potentially had access to files that contained patient information.

Scenic Group

Officials from Scenic Group announced on Monday the company experienced a cyber security incident involving unauthorized access to IT systems.

Scenic Group Chief Operating Officer Rob Voss said in a statement the company’s teams had isolated the IT systems to minimize any further impact and launched a formal investigation into the breach. Officials hired external cyber security forensic experts to resolve the situation and bring systems back online.

State Bar of California

The State Bar announced today that it is taking urgent action to address a breach of confidential attorney discipline case data that it discovered on February 24. A public website that aggregates nationwide court case records was able to access and display limited case profile data on about 260,000 nonpublic State Bar attorney discipline case records, along with about 60,000 public State Bar Court case records. The site also appears to display confidential court records from other jurisdictions.

Under California Business and Professions Code 6086.1(b), all disciplinary investigations are confidential until the time that formal charges are filed, and all investigations are confidential until a formal proceeding is instituted.

The nonpublic case profile data from the State Bar appears to have been displayed on this public website in violation of this statute. It includes case number, file date, case type, case status, and respondent and complaining witness names. It does not include full case records. We do not yet know how many attorney or witness names were disclosed.

Conti Ransomware

A Ukrainian security researcher has leaked over 60,000 internal messages belonging to the Conti ransomware operation after the gang sided with Russia over the invasion of Ukraine.

BleepingComputer has independently confirmed the validity of these messages from internal conversations previously shared with BleepingComputer regarding Conti’s attack on Shutterfly.

AdvIntel CEO Vitali Kremez, who has been tracking the Conti/TrickBot operation over the last couple of years, also confirmed to BleepingComputer that the leaked messages are valid and were taken from a log server for the Jabber communication system used by the ransomware gang.

Kremez told BleepingComputer that the data was leaked by a researcher who had access to the “ejabberd database” backend for Conti’s XMPP chat server. This was also confirmed by cybersecurity firm Hold Security.

In total, there are 393 leaked JSON files containing 60,694 messages from January 21, 2021, through today. Conti launched their operation in July 2020, so while the leak contains a big chunk of their internal conversations, it is not all of them.