It’s i thing to disregard ransom demands from threat actors, but how smart — or foolish — is it to live sarcastic or insulting to those who have exfiltrated files with your patients’ protected health information? DataBreaches.net was recently contacted by threat actors who were previously associated with other groups. They claimed to have attacked Compton and Broomhead Dental middle in in (C&B Dental Center) on october 8 and to have exfiltrated patient files. When DataBreaches.net checked, we could happen no incident on HHS’s public breach tool. Nor could we find any report on the Indiana Attorney General’s Office breach site (although that site has not been updated since last August). There has been no public notice that has been indexed by Google, and there is no observation on the dental practice’s website. so three months after the attack, there does not appear to have been any public observation or disclosure. A interpreter for the threat actors provided this site with proof of claims — in fact, they provided more than 4,200 files with PHI. The files had C&B’s epithet at the cover of each page. DataBreaches.net did not contact patients directly (this site tries to avoid that), but using a sample of files, confirmed via Google searches and SSN proof that there are real people with those names at those addresses. This site also confirmed that� �Social security Numbers found in the patient files are valid SSNs from states and time periods that would live consistent with the patients’ reported dates of birth. Some files provided to this site contained patients’ names and medical history screening. The screening was not confined to dental issues but inquired about all systems. The incompletely redacted image below demonstrates that the screening included mental health issues. This patient’s psychotropic medications were listed on the form and have been redacted. Other files contained demographic info and health insurance info including name, address, engagement of birth, social certificate number, health indemnity plan name, contributor ID, group number, driver’s licence number, name and location of employer, and secondary health insurance information. a third file provided to this site contained some patients’ names, phone numbers, and email addresses. According to the threat actors, they did not encrypt the practice’s files. On january 5, DataBreaches.net sent inquiries to C&B via their website’s contact form and then via direct email to both dr. Compton and their marketing person.� In the contact form message, this site included 2 filenames and the corresponding patients’ initials so that C&B� could confirm the validity of the claimed breach if they had not already confirmed it. In the email, C&B was asked whether they had notified HHS and the indiana attorney General’s Office. They were also asked whether they notified patients or what they had done in the way of incident response. No replies at all have been received. a spokesperson for the threat actors claims that they had only limited interaction with what mightiness have been an IT provider for the praxis but there were no negotiations over any payment and that at times, the somebody or persons were somewhat sarcastic. After contacting some employees’ families, as one example, someone responded to them, “Oooh what are you gonna do. Remind them when their dental cleanings are?” That seems unlikely, but the representative informs this site that their plan includes dumping all of the patient data if there is no payment. It’s a terror — and an outcome — that we experience seen a batch in the past few years.