Cyberattacks on American Renal Associates, Family Health Center, Cattaraugus-Allegany Board of Cooperative Education Services, and North Carolina Dental Practice

Apr 16, 2024 | HIPAA News and Advice

Medusa Ransomware Group Exposes Data Stolen from American Renal Associates

American Renal Associates (ARA), a dialysis services provider in the United States that cares for patients with end-stage renal disease, was attacked by the Medusa ransomware group. Before ARA announced the ransomware attack, the Medusa group had already leaked information purportedly stolen in the cyberattack. The attack happened on March 2, 2024, and impacted many computers.

According to an investigation of the leaked information by Marco A. De Felice, the Medusa group stole approximately 5TB of information, including the protected health information (PHI) of about 37,700 patients. The leaked data included patient names, birth dates, telephone numbers, email addresses, health records, copies of driver’s licenses and passports, Social Security numbers, medical insurance details, and company information.

Family Health Center Cyberattack

Family Health Center, located in Kalamazoo, MI, has reported a cyberattack that disrupted its systems and affected the operation and accessibility of selected systems. On January 25, 2024, immediate action was taken to contain the attack and stop further unauthorized access. A third-party cybersecurity company conducted a forensic investigation.

The investigation uncovered evidence of unauthorized access to records that included patient data. Analysis of those records revealed that they included employee data such as names, addresses, medical insurance data, and Social Security numbers, and patient data such as first and last names and medical details. Family Health Center has reported the breach to the HHS’ Office for Civil Rights as impacting 3,240 people and stated that it has taken action to enhance security by extending multi-factor authentication and improving monitoring of its systems for suspicious activity.

15,203 Medical Plan Members Impacted by Cattaraugus-Allegany Board of Cooperative Education Services Cyberattack

Cattaraugus-Allegany Board of Cooperative Education Services (CABOCES), located in southwestern New York, encountered a sophisticated cyberattack that disrupted a few of its internal tools, software programs, and servers. Third-party cybersecurity professionals helped CABOCES investigate the incident and confirmed that an unauthorized third party had access to its systems from July 5, 2023 to July 20, 2023. During that period, the attacker gained access to the information of current and former employees who were AC Schools Medical Health Plan members.

The analysis of the impacted files revealed that they included names, financial account data, Social Security numbers, driver’s license numbers, passport data, health data, and/or medical insurance details. Notifications were sent by mail to the 15,203 impacted persons starting on April 4, 2024.

North Carolina Dental Practice Experiences a Ransomware Attack

Mary H. Makhlouf, DMD, MS, PA, based in Burlington, NC, recently announced that her practice encountered a sophisticated ransomware attack on January 24, 2024. Once the attack was recognized, the network was quickly secured to stop further unauthorized access, and third-party cybersecurity experts investigated the incident.

The investigation found evidence that some patient files had been accessed. Although it cannot be determined specifically what information was viewed or copied from the system, the breached files contained names and one or more of the following types of data: address, phone number, date of birth, email address, driver’s license/state ID number, Social Security number, financial account details, treatment/diagnosis data, prescription data, provider name, Medicare/Medicaid ID number, medical record/case number, health insurance details, and treatment cost.

Notification letters will be sent to the affected persons as soon as up-to-date address data has been obtained. The breach report recently submitted to the HHS’ Office for Civil Rights indicates that around 1,797 people were impacted.
