Attacks on the healthcare sector continue, but as this blogger observed in reporting on hacks by thedarkoverlord, it’s often the attackers who first reveal the breaches piece the victims may not even reply to inquiries. AffordaCare Urgent charge Clinic is a walk-in urgent guardianship clinic network in tx that advertises that they can ply charge for most common illnesses and minor injuries. They also have x-ray and diagnostic capabilities. AffordaCare has clinics in two locations in Abilene, ace in Early, one in Stephenville, 1 in Wichita Falls, and 1 in Big Spring, Texas. It appears that on february 1, AffordaCare was attacked by Maze Team, who exact to have exfiltrated more than 40 gigabit of data, including protected health information. According to the hackers, when AffordaCare didn’t pay the demanded ransom to receive a decryption key and to deter the attackers from publicly dumping the stolen data, maze team added the clinic to its website where it names its victims who are not cooperating with ransom demands. For an update on maze Team’s activities, reckon our additional reporting today. as it has done in other cases, Maze Team provided samples of the data they had stolen. The publicly available files included patient indemnity exact forms, workers compensation documentation, employee payroll information, and other files. DataBreaches.net has redacted a few of them, below, but the files in the data wasteyard contained patients’ full names, social Security number, engagement of birth, diagnosis code, handling code, patient speech and phone number, relevant medical account and reason for visit, billing information, and insurance policy information among the data types. Not all patients had all these types of information in their exposed files. If you were a patient at an AffordaCare urgent guardianship center in Texas prior to February 1, 2020, have you received any notice of any breach? get you recently turn a victim of dupery or identity theft? We’d love to hear from you. AffordaCare did not respond to inquiries sent to the site about the attack. They continue to update their Facebook account without making any mention at all of a privacy incident. Nor does the transgress appear on their website or on HHS’s public breach cock at the time of this publication. With multiple locations, this breach may easily experience compromised thousands of patients’ protected health information. We’ll have to wait and assure if AffordaCare discloses this publicly and reports it to HHS within the 60 day window. But AffordaCare is not the only urgent care clinic that this site is watching for follow-up. DataBreaches.net was also recently made aware of another urgent care centre that also appears to have been attacked. Advanced Urgent care of the Florida Keys Advanced Urgent care of the fl Keys. Upon discovery of another urgent upkeep readiness being attacked, DataBreaches.net reached out to maze team to inquire whether this center was also ace of their victims. maze Team replied that this was not their attack. We might know more about this one if it had been by maze Team, as we currently have very little information on this attack. data from the assail was posted on a Russian-language forum in a thread that translates to “Malicious Defaulters.” From that subject line and a comment by the notice that Advanced Urgent upkeep of florida Keys “refuse to pay,” it sounds like a ransomware attack, but that has yet to be confirmed. The poster added, “dump of their server, maybe someone will happen something useful” (Google translation). The data, made freely available on a popular file-sharing site, contained more than 14,000 patients’ personal information. For some of the patients, there were numerous scans of patient records. in most cases, these were scans of reports that included some handwritten notes and results with the patients’ personal information, medical history, reason for testing or visit, and more. as with the texas group, the Florida practice’s waste-yard contained a wealth of protected health information as well as billing information. One of the folders contained spread sheets listing patient first and last names, phone numbers, email addresses, and co-pay status on bills. Other “export” spreading sheets listed patients by their medical tape numbers but listed their insurer, date of service, diagnosis (in text, not coded number), CPT code, and information on co-pay, etc. Advanced Urgent care of the Florida Keys was sent several inquiries about the round and data dump but did not reply at all. Based on the timestamps and filenames, the data appear to experience been exfiltrated on or about mar 1 of this year, so this is a recent attack and we may not see any mark or entry on HHS’s public breach cock for a while.
