Medical Specialty Practice Says Recent Hack Affects 224,500

Ransomware Operation Claims It Downloaded 2 Terabytes of Entity's Data Marianne Kolbasuk McGee (HealthInfoSec) • May 26, 2023

An upstate New York medical specialty practice told regulators that hackers compromised the personal and protected health information of nearly 224,500 employees and patients in an incident discovered in March.

See Also: Live Webinar | Education Cybersecurity Best Practices: Devices, Ransomware, Budgets and Resources

RansomHouse lists the practice, Albany ENT & Allergy Services, on its dark web leak site. RansomHouse is a relatively new extortion gang that purportedly does not wield ransomware but may be a front for the White Rabbit ransomware operation. RansomHouse claims the practice's data was encrypted on March 23 and that hackers stole more than 2 terabytes of data.

Albany ENT and Allergy did not mention the alleged ransomware attack and data exfiltration in its breach report filed yesterday with the Maine state attorney general's office. The practice also did not immediately respond to Information Security Media Group's request for details about the incident.

In a sample breach notification letter, Albany ENT & Allergy said that on or about March 27, it became aware of "suspicious activity" on its computer network.

The ...